http vs https for 2 factor auth emails

USG110
USG110 Posts: 3  Freshman Member
First Comment Third Anniversary

Hello,

I would like to ask if there is any practical difference between using http versus https for the VPN 2 factor authentication via email. I understand using https is more secure.

When using it ( https) we get a certificate error/warning which i assume means we need a cerfificate from a CA for it, but i was wondering if using plain http is an issue in this scenario and what the risks would be with that.

Thank you,

Spyros

Accepted Solution

  • Zyxel_Jeff
    Zyxel_Jeff Posts: 1,206  Zyxel Employee
    100 Answers 500 Comments Friend Collector Fourth Anniversary
    Answer ✓

    Hi @USG110

    Thanks for sharing the screenshot with us. The error message of "ERR_CERT_AUTHORITY_INVALID" is due to the browser doesn't trust the firewall's certificate, it's the browser's known behavior you can refer to this discussion USG60 - SSL VPN connect but "this connection is untrusted". For a safer browsing experience, we suggest that you consider using the https link as it is more secure than http. If the user encounters a warning message, they can click on "Advanced" and continue to browse the 2FA link, as shown below.

    Thanks.


    Don't miss this great chance to upgrade your Nebula org. for free! https://bit.ly/4g2pS9L

All Replies

  • Zyxel_Jeff
    Zyxel_Jeff Posts: 1,206  Zyxel Employee
    100 Answers 500 Comments Friend Collector Fourth Anniversary

    Hi @USG110

    "When using it ( https) we get a certificate error/warning which i assume means we need a cerfificate from a CA for it" Based on the above description, can you share the screenshot with us? Thanks.


    Don't miss this great chance to upgrade your Nebula org. for free! https://bit.ly/4g2pS9L

  • USG110
    USG110 Posts: 3  Freshman Member
    First Comment Third Anniversary

    Hello,

    Thank you for the reply.

    Please see the screenshot of accessing the address via https.

    There wasn't any need so far for a certificate, but for users when using https the extra steps to go to "advanced" and then open the site is more invonvinient that using plain http and getting to the site without more steps.

    That is why i am wondering if it's ok to keep using http for the 2 factor auth email links.

    Thank you again for taking a look at this.

    Spyros

  • Zyxel_Jeff
    Zyxel_Jeff Posts: 1,206  Zyxel Employee
    100 Answers 500 Comments Friend Collector Fourth Anniversary
    Answer ✓

    Hi @USG110

    Thanks for sharing the screenshot with us. The error message of "ERR_CERT_AUTHORITY_INVALID" is due to the browser doesn't trust the firewall's certificate, it's the browser's known behavior you can refer to this discussion USG60 - SSL VPN connect but "this connection is untrusted". For a safer browsing experience, we suggest that you consider using the https link as it is more secure than http. If the user encounters a warning message, they can click on "Advanced" and continue to browse the 2FA link, as shown below.

    Thanks.


    Don't miss this great chance to upgrade your Nebula org. for free! https://bit.ly/4g2pS9L

  • mMontana
    mMontana Posts: 1,380  Guru Member
    50 Answers 1000 Comments Friend Collector Fifth Anniversary

    @zyxel_jeff zyxel could still apply compatibility for Let'sencrypt…

  • Zyxel_Jeff
    Zyxel_Jeff Posts: 1,206  Zyxel Employee
    100 Answers 500 Comments Friend Collector Fourth Anniversary

    Hi @mMontana

    Currently, we do not support this feature. Thanks.


    Don't miss this great chance to upgrade your Nebula org. for free! https://bit.ly/4g2pS9L

  • mMontana
    mMontana Posts: 1,380  Guru Member
    50 Answers 1000 Comments Friend Collector Fifth Anniversary

    You should. You really should.

  • Zyxel_Jeff
    Zyxel_Jeff Posts: 1,206  Zyxel Employee
    100 Answers 500 Comments Friend Collector Fourth Anniversary

    Hi @mMontana

    Thanks for your suggestion. We already transferred this requirement to our new feature queue for further evaluation.


    Don't miss this great chance to upgrade your Nebula org. for free! https://bit.ly/4g2pS9L

  • mMontana
    mMontana Posts: 1,380  Guru Member
    50 Answers 1000 Comments Friend Collector Fifth Anniversary

    I don't think that's unpolite to believe that, due tu current status of some "openness feature" requested several years ago from your customers, the evaluation will be with the result "nope!".

    But hey, i'd love to prove myself wrong when the support of that feature will appear. Sorry, my bad. if, not when.

Security Highlight