http vs https for 2 factor auth emails

USG110 Posts: 3  Freshman Member
First Comment Third Anniversary


I would like to ask if there is any practical difference between using http versus https for the VPN 2 factor authentication via email. I understand using https is more secure.

When using it ( https) we get a certificate error/warning which i assume means we need a cerfificate from a CA for it, but i was wondering if using plain http is an issue in this scenario and what the risks would be with that.

Thank you,


Accepted Solution

  • Zyxel_Jeff
    Zyxel_Jeff Posts: 1,311  Zyxel Employee
    100 Answers 500 Comments Friend Collector Fourth Anniversary
    Answer ✓

    Hi @USG110

    Thanks for sharing the screenshot with us. The error message of "ERR_CERT_AUTHORITY_INVALID" is due to the browser doesn't trust the firewall's certificate, it's the browser's known behavior you can refer to this discussion USG60 - SSL VPN connect but "this connection is untrusted". For a safer browsing experience, we suggest that you consider using the https link as it is more secure than http. If the user encounters a warning message, they can click on "Advanced" and continue to browse the 2FA link, as shown below.


All Replies

  • Zyxel_Jeff
    Zyxel_Jeff Posts: 1,311  Zyxel Employee
    100 Answers 500 Comments Friend Collector Fourth Anniversary

    Hi @USG110

    "When using it ( https) we get a certificate error/warning which i assume means we need a cerfificate from a CA for it" Based on the above description, can you share the screenshot with us? Thanks.

  • USG110
    USG110 Posts: 3  Freshman Member
    First Comment Third Anniversary


    Thank you for the reply.

    Please see the screenshot of accessing the address via https.

    There wasn't any need so far for a certificate, but for users when using https the extra steps to go to "advanced" and then open the site is more invonvinient that using plain http and getting to the site without more steps.

    That is why i am wondering if it's ok to keep using http for the 2 factor auth email links.

    Thank you again for taking a look at this.


  • Zyxel_Jeff
    Zyxel_Jeff Posts: 1,311  Zyxel Employee
    100 Answers 500 Comments Friend Collector Fourth Anniversary
    Answer ✓

    Hi @USG110

    Thanks for sharing the screenshot with us. The error message of "ERR_CERT_AUTHORITY_INVALID" is due to the browser doesn't trust the firewall's certificate, it's the browser's known behavior you can refer to this discussion USG60 - SSL VPN connect but "this connection is untrusted". For a safer browsing experience, we suggest that you consider using the https link as it is more secure than http. If the user encounters a warning message, they can click on "Advanced" and continue to browse the 2FA link, as shown below.


  • mMontana
    mMontana Posts: 1,421  Guru Member
    50 Answers 1000 Comments Friend Collector Fifth Anniversary

    @zyxel_jeff zyxel could still apply compatibility for Let'sencrypt…

  • Zyxel_Jeff
    Zyxel_Jeff Posts: 1,311  Zyxel Employee
    100 Answers 500 Comments Friend Collector Fourth Anniversary

    Hi @mMontana

    Currently, we do not support this feature. Thanks.

  • mMontana
    mMontana Posts: 1,421  Guru Member
    50 Answers 1000 Comments Friend Collector Fifth Anniversary

    You should. You really should.

  • Zyxel_Jeff
    Zyxel_Jeff Posts: 1,311  Zyxel Employee
    100 Answers 500 Comments Friend Collector Fourth Anniversary

    Hi @mMontana

    Thanks for your suggestion. We already transferred this requirement to our new feature queue for further evaluation.

  • mMontana
    mMontana Posts: 1,421  Guru Member
    50 Answers 1000 Comments Friend Collector Fifth Anniversary

    I don't think that's unpolite to believe that, due tu current status of some "openness feature" requested several years ago from your customers, the evaluation will be with the result "nope!".

    But hey, i'd love to prove myself wrong when the support of that feature will appear. Sorry, my bad. if, not when.