This article will help you to cover up an ongoing issue with a customized 2FA port and certification.
If you recently updated your firewall to 4.65 or 5.02 firmware version, the new 2FA Authorized Port is "8008" and may be added by the Security Check rule to your firewall for security purposes.
However, the firewall uses the default self-signed TLS-certificate for the 2FA page and your third-party certificate. This has the effect that the users get a certificate warning when opening the 2FA link.
You can follow these steps as a workaround: Apply Authorize Link URL to HTTP and change to HTTPS again, then the certificate will replace to correct one.
We are going to fix this issue within the next release version. Sorry for inconvience.