If you do not have a Secure Sockets Layer (SSL) certificate installed on your Web server, you are leaving protected pages open to replay attacks. An unauthorized person can monitor an unsecured connection, intercept a tokenholders PASSCODE or cookie, and then use the stolen object to access protected pages.
Security Dynamics strongly recommends that you install an SSL certificate, but if you wish to bypass this security measure, leave the Require secure connections to access protected pages checkbox unmarked in the ACE/Agent Administration applet.
For more information about how to obtain an SSL site certificate from a Certificate Authority, visit the VeriSign Corporation's Web site.
To require all tokenholders to use SSL connections: