1. Three challenges in implementing HTTPS encryption
All browsers display "Not secure" for http plaintext transmission, this is not scaring Internet users, it is because of the information entered by the user in the browser is transmitted to the cloud web server on the Internet in plaintext using http protocol, it is very easy to be illegally stolen and illegally tampered with. Only the HTTPS protocol uses cryptographic technology can realize data transmission encryption, so that any information entered by the user in the browser is transmitted to the cloud web server in ciphertext, which can effectively protect all confidential information submitted by the user and delivered by the server transmission security. However, there are three main problems and obstacles in implementing HTTPS encryption, and it seriously obstacle the popularization and application of HTTPS encryption.
-
Problem One:Manually deploying SSL certificates is an impossible task.
How to implement https encryption, the user must apply for an SSL certificate from the CA, get the certificate after completing identity validation, and then install the SSL certificate on the web server to enable https encryption. This process is very cumbersome, time-consuming, and labor-intensive. As all websites must implement https encryption, especially the intensive centralized management of provincial and municipal government websites, tens of thousands of government websites need to be managed, and enterprises applied many servers in different public Cloud service providers, making the application and deployment of SSL certificates the biggest workload for network administrators.
Government cloud and enterprises must invest more operation and maintenance personnel to realize https encryption for multiple websites. Otherwise, once the SSL certificate of a system expires and forgets to renew and redeploy the SSL certificate, it will seriously affect the normal operation of the business system and cause immeasurable losses.
-
Problem Two:It is difficult to implement SM2 https encryption.
One of the compliance requirements of the Cyber Security Protection and Cryptography Security Protection is "network and communication transmission security", that is, the HTTPS encryption of the web server, which must be implemented using the SM2 algorithm. This requires the web server to deploy a SM2 SSL certificate, the user needs to apply for SM2 SSL certificate from the CA and deploy it to the web server for https, this step’s difficulty is the same as Problem One.
However, to enable the SM2 SSL certificate, it is not only necessary to install the SSL certificate, but also to modify the web server to support SM2 algorithm, and users are required to use a browser that supports SM2 algorithm to implement the SM2 https encryption. The problem is that some important web servers in use cannot be changed, modified, cannot affect the running business system, and some web server software cannot be modified at all.
-
Problem Three:SSL certificate period will be shortened to 47 days.
In order to ensure the security of HTTPS encryption, international standards have set a schedule for shortening the validity period of SSL certificates: 200 days from March 15, 2026, 100 days from March 15, 2027, and 47 days from March 15, 2029, aiming to make the PKI ecosystem have the agility required for quantum-resistant algorithms.
This means that the need to apply for and deploy an SSL certificate for a website once a year now will become 10 times a year, and the huge workload of Problem 1 and Problem 2 has increased by 10 times! This makes it impossible to manually apply for and deploy an SSL certificate!
In the face of this revolutionary technological change, all webmasters must prepare in advance to realize the automatic application and deployment of SSL certificates in advance, and realize the automatic management of SSL certificate for HTTPS encryption.
2. ZoTrus HTTPS automation three solutions, completely and perfectly solve the three HTTPS encryption problems
The above three problems are the three big mountains that weigh on the Web server administrator, and there must be solutions to solve these problems. ZoTrus Technology has innovatively developed three solutions and related products to realize automatic application, deployment and renewal of SSL certificates, fully automatic, micro reconstruction, and no need to care about the validity period of SSL certificates, completely and perfectly solving the above three problems.
-
Solution One:Onetime installed, enabling ZoTrus SM2 ACME client - SM2cerBot
This solution is similar to the ACME client software: CertBot. The difference is that SM2cerBot automatically applies for, deploys and renews dual-algorithm SSL certificates, one 90-day valid ECC SSL certificate and two 90-day SM2 SSL certificates (one signing certificate and one encrypting certificate). And it comes with a SM2 algorithm support module, which automatically replaces the Nginx that does not support the SM2 SSL certificate with the new Nginx that supports the SM2 algorithm and SM2 SSL certificate, automatically implements https encryption, adaptive encryption algorithm, and gives priority to the SM2 algorithm Implement HTTPS encryption.
The disadvantage of this solution is that the original Nginx server software needs to be uninstalled, which may have an impact on the business system, and is suitable for new website deployment to realize https encryption automation. Learn more
-
Solution Two:Onetime deployment, enabling ZoTrus HTTPS Automation Gateway
This solution is suitable for the scenario where the original web server is running an important business system and the server cannot be changed. The original web server is zero-reconstruction to realize SM2 https encryption that no need to apply and install SSL certificate. It only needs to deploy the HTTPS Automation Gateway and set the original website IP address to the gateway, the gateway implements https encryption, offloading and forwarding to the original website. The original web server is located in the intranet, which is not only more secure, but also transfers the burden of https encryption to the gateway, so that it can better serve the business system. The gateway is responsible for the automatic application, deployment and renewal of dual-algorithm SSL certificates, and the automatic https encryption, adaptive encryption algorithms, and the SM2 algorithm is given priority to implement HTTPS encryption.
ZoTrus HTTPS Automation Gateway can automatically configure dual-algorithm SSL certificates for up to 255 websites, including up to 255 dual-SSL certificates for 5 years. The value of the SSL certificates alone is as high as 1.25 million RMB Yuan, and the value of the saving HR cost of engineers is as high as 1.5 million RMB Yuan, this is a really very valuable https encryption automation solution. Learn more
-
Solution Three:Onetime setup, enabling ZoTrus HTTPS Automation Cloud Service
This solution is suitable for scenarios where ACME client software cannot be installed on the web server, and hardware gateway devices do not want to be purchased or cannot be deployed. This is a cloud service that can automatically apply for, deploy, and renew dual SSL certificates by doing only 3 domain name resolutions. The original web server is zero- reconstruction to realize SM2 https encryption, adaptive encryption algorithm, and the SM2 algorithm is given priority to implement HTTPS encryption.
ZoTrus HTTPS Automation Cloud Service is a comprehensive website security protection solution based on the industry-leading Alibaba Cloud CDN/WAF service, which integrates HTTPS encryption automation, CDN high-speed distribution network, edge WAF protection, and website trusted identity certification, suitable for the security protection of a single website and the automatic implementation of https encryption, each website needs to enable an independent HTTPS Automation Cloud service. Learn more
ZoTrus three HTTPS encryption automation solutions have two main application scenarios: HTTPS encryption automation and SM2 HTTPS encryption transformation. The former mainly solves the problem of automatic deployment of RSA/ECC algorithm SSL certificates, because many websites and various business management systems are still not deployed SSL certificates, these systems only need to deploy RSA/ECC algorithm SSL certificates, and do not need to be transformed to support SM2 SSL certificate, but they need to realize automated certificate management. The latter requires not only the deployment of RSA/ECC SSL certificates, but also the deployment of SM2 SSL certificates, and the automatic management of dual-algorithm certificates.
Customers can choose a suitable solution according to their own business system management needs. The comparison table of the main parameters of the three solutions is as follows.
ZoTrus SM2 ACME client
ZoTrus HTTPS Automation Gateway
ZoTrus HTTPS Automation Cloud Service
90-day SM2 DV SSL certificate
1-year SM2 OV SSL certificate
1-year SM2 OV/EV SSL certificate
SM2 SSL certificate: ZT Browser
SM2 SSL certificate: all SM2 browsers
SM2 SSL certificate: all SM2 browsers
In the past 4 years, ZoTrus Technology has successfully built eight core products, including ZoTrus SM2 Certificate Transparency Log, ZoTrus Cloud SSL Service System, ZoTrus SM2 ACME Service System, ZoTrus SM2 SSL Certificate and ECC/RSA SSL Certificate, ZT Browser, ZT SM2 ACME Client, ZoTrus HTTPS Automation Gateway, and ZoTrus HTTPS Automation Cloud Service. In addition, ZoTrus Cloud Cryptographic Infrastructure has been built to realize the automatic management system of dual-algorithm SSL certificates integrating client and cloud, so that users' website systems and IoT devices can realize the automatic management of dual-algorithm SSL certificates in three ways, and automatically realize the HTTPS encryption of adaptive algorithms, so as to meet the China cryptography compliance and globally trusted HTTPS encryption application needs of different users. And, ZoTrus Technology provides multi-CA and multi-channel issuance of dual-algorithm SSL certificates, which effectively ensures that no matter what problems occur in CA in the future, or the supply interruption event caused by changes in the international situation, it will not affect the ZoTrus Cloud SSL Service System to automatically configure dual-algorithm SSL certificates for users. This is the world's exclusive and innovative SSL certificate supply chain security measure provided by ZoTrus Technology, which completely solves the problem that a single CA supply chain cannot guarantee the security of SSL certificate supply, to effectively ensure the uninterrupted service of HTTPS encryption in the user's website system.
3. ZoTrus SM2 HTTPS automation solution three supporting services, provide value-added support for the three solutions
ZoTrus SM2 HTTPS encryption automation solution perfectly solves the problem of automatic application, deployment, and renewal of dual-algorithm SSL certificates, but in order to realize SM2 HTTPS encryption, browsers must support SM2 algorithms and SM2 SSL certificates, and the automatic configured dual-algorithm SSL certificates must support certificate transparency to ensure the security of the SSL certificate itself. For this end, ZoTrus Technology provides three supporting value-added services for free.
-
Supporting Service One:Providing SM2 browser for free - ZT Browser
ZT Browser is a completely free SM2 browser that supports SM2 algorithms and SM2 SSL certificates and supports SM2 certificate transparency. Of course, it is also a standard general browser based on Google Chromium, it supports SM2 algorithm in the cipher suits, which realizes the automatic negotiation of cipher algorithm when the browser shakes hands with the Web server, and it supports RSA/ECC/SM2 three cipher algorithm suites and realizes the adaptive algorithm https encryption.
ZT Browser is the world's first to integrate a full-featured PDF reader, which not only seamlessly reads PDF documents, but also verifies the digital signature of the document in real time and displays the signer's trusted identity. Free download
-
Supporting Service Two:Issuing the dual-algorithm SSL certificates for free
ZoTrus Cloud SSL Service System provides free support for ZoTrus HTTPS encryption automation solutions to provide automatic application and issuance of dual-algorithm SSL certificate services. Customers do not need to apply for SSL certificates from CA separately, and do not need to spend additional money to purchase SSL certificates. Three solutions all already include the dual-algorithm SSL certificates required for the service, the ECC/RSA SSL certificate is globally trusted and supports all browsers, the SM2 SSL certificate is cryptography compliant and supports all SM2 browsers.
What's particularly valuable is that the HTTPS Automation Gateway provides one ECC SSL certificate and two SM2 SSL certificate for up to 255 website domain names for 5 years, which is completely free and absolutely value-for-money. Learn more
-
Supporting Service Three:Providing SM2 certificate transparency log service for free
In order to ensure the security of the SM2 SSL certificates issued for ZoTrus HTTPS encryption automation solutions, ZoTrus provides SM2 certificate transparency log service for all SM2 SSL certificates. Every SM2 SSL certificate provided is like the ECC/RSA SSL certificates also have certificate transparency security protection, which effectively protect the legitimate rights and interests of customers and website security. Learn more
Action now, contact us: +86-755-26604080, get a free online trial opportunity!
Email: help@zotrus.com
Customer service WeChat:
