http vs https for 2 factor auth emails
Hello,
I would like to ask if there is any practical difference between using http versus https for the VPN 2 factor authentication via email. I understand using https is more secure.
When using it ( https) we get a certificate error/warning which i assume means we need a cerfificate from a CA for it, but i was wondering if using plain http is an issue in this scenario and what the risks would be with that.
Thank you,
Spyros
Accepted Solution
-
Hi @USG110
Thanks for sharing the screenshot with us. The error message of "ERR_CERT_AUTHORITY_INVALID" is due to the browser doesn't trust the firewall's certificate, it's the browser's known behavior you can refer to this discussion USG60 - SSL VPN connect but "this connection is untrusted". For a safer browsing experience, we suggest that you consider using the https link as it is more secure than http. If the user encounters a warning message, they can click on "Advanced" and continue to browse the 2FA link, as shown below.
Thanks.
0
Zyxel Employee
All Replies
-
Hi @USG110
"When using it ( https) we get a certificate error/warning which i assume means we need a cerfificate from a CA for it" Based on the above description, can you share the screenshot with us? Thanks.
0 -
Hello,
Thank you for the reply.
Please see the screenshot of accessing the address via https.
There wasn't any need so far for a certificate, but for users when using https the extra steps to go to "advanced" and then open the site is more invonvinient that using plain http and getting to the site without more steps.
That is why i am wondering if it's ok to keep using http for the 2 factor auth email links.
Thank you again for taking a look at this.
Spyros
0 -
Hi @USG110
Thanks for sharing the screenshot with us. The error message of "ERR_CERT_AUTHORITY_INVALID" is due to the browser doesn't trust the firewall's certificate, it's the browser's known behavior you can refer to this discussion USG60 - SSL VPN connect but "this connection is untrusted". For a safer browsing experience, we suggest that you consider using the https link as it is more secure than http. If the user encounters a warning message, they can click on "Advanced" and continue to browse the 2FA link, as shown below.
Thanks.
0 -
@zyxel_jeff zyxel could still apply compatibility for Let'sencrypt…
0 -
Hi @mMontana
Currently, we do not support this feature. Thanks.
0 -
You should. You really should.
0 -
Hi @mMontana
Thanks for your suggestion. We already transferred this requirement to our new feature queue for further evaluation.
0 -
I don't think that's unpolite to believe that, due tu current status of some "openness feature" requested several years ago from your customers, the evaluation will be with the result "nope!".
But hey, i'd love to prove myself wrong when the support of that feature will appear. Sorry, my bad. if, not when.
0
Guru Member
Categories
- All Categories
- 398 Beta Program
- 2.1K Nebula
- 117 Nebula Ideas
- 83 Nebula Status and Incidents
- 5.2K Security
- 99 USG FLEX H Series
- 247 Security Ideas
- 1.3K Switch
- 69 Switch Ideas
- 922 WirelessLAN
- 35 WLAN Ideas
- 5.9K Consumer Product
- 212 Service & License
- 337 News and Release
- 71 Security Advisories
- 21 Education Center
- 5 [Campaign] Zyxel Network Detective
- 2.1K FAQ
- 1K Nebula FAQ
- 445 Security FAQ
- 238 Switch FAQ
- 213 WirelessLAN FAQ
- 47 Consumer Product FAQ
- 142 Service & License FAQ
- 34 Documents
- 34 Nebula Monthly Express
- 72 About Community
- 62 Security Highlight
