• Authenticate users only over encrypted channels such as HTTPS. Authenticating over non-secure channels such as Telnet or HTTP exposes the password to any eavesdropper. For certificate-based server/FortiRecorder authentication, see “Replacing the default certificate for the web UI”.

• Immediately revoke certificates that have been compromised. If possible, automate the distribution of certificate revocation lists (see “Revoking certificates”).