ZoTrus Automatic HTTPS Encryption Management Solution

Three solutions to solve three challenges with three free supporting services

The zero change of the web server is preferred to automatically implement https encryption

1. Three challenges in implementing HTTPS encryption

All browsers display "Not secure" for http plaintext transmission, this is not scaring Internet users, it is because of the information entered by the user in the browser is transmitted to the cloud web server on the Internet in plaintext using http protocol, it is very easy to be illegally stolen and illegally tampered with. Only the HTTPS protocol uses cryptographic technology can realize data transmission encryption, so that any information entered by the user in the browser is transmitted to the cloud web server in ciphertext, which can effectively protect all confidential information submitted by the user and delivered by the server transmission security. However, there are three main problems and obstacles in implementing HTTPS encryption, and it seriously obstacle the popularization and application of HTTPS encryption.

Problem One:
Manually deploying SSL certificates is an impossible task.

How to implement https encryption, the user must apply for an SSL certificate from the CA, get the certificate after completing identity validation, and then install the SSL certificate on the web server to enable https encryption. This process is very cumbersome, time-consuming, and labor-intensive. As all websites must implement https encryption, especially the intensive centralized management of provincial and municipal government websites, tens of thousands of government websites need to be managed, and enterprises applied many servers in different public Cloud service providers, making the application and deployment of SSL certificates the biggest workload for network administrators.

Government cloud and enterprises must invest more operation and maintenance personnel to realize https encryption for multiple websites. Otherwise, once the SSL certificate of a system expires and forgets to renew and redeploy the SSL certificate, it will seriously affect the normal operation of the business system and cause immeasurable losses.
Problem Two:
It is difficult to implement SM2 https encryption.

One of the compliance requirements of the Cyber Security Protection and Cryptography Security Protection is "network and communication transmission security", that is, the HTTPS encryption of the web server, which must be implemented using the SM2 algorithm. This requires the web server to deploy a SM2 SSL certificate, the user needs to apply for SM2 SSL certificate from the CA and deploy it to the web server for https, this step’s difficulty is the same as Problem One.

However, to enable the SM2 SSL certificate, it is not only necessary to install the SSL certificate, but also to modify the web server to support SM2 algorithm, and users are required to use a browser that supports SM2 algorithm to implement the SM2 https encryption. The problem is that some important web servers in use cannot be changed, modified, cannot affect the running business system, and some web server software cannot be modified at all.
Problem Three:
SSL certificate period will be shortened to 90 days.

This is an upcoming problem. In order to ensure the security of https encryption, Google is promoting the shortening of the validity period of SSL certificates from the current 1 year to 90 days, with the intention of making the PKI ecosystem have the agility to resist quantum algorithms. This means that the original need to apply for and deploy an SSL certificate for the website once a year has become 5 times a year, and the huge workload of Problem One has increased by 5 times! This makes manual application and deployment of SSL certificates impossible!

This revolutionary technological change is expected to come in 2024, and all website administrators must prepare in advance to realize the automatic management of SSL certificates in advance.

2. ZoTrus HTTPS automation three solutions, completely and perfectly solve the three HTTPS encryption problems

The above three problems are the three big mountains that weigh on the Web server administrator, and there must be solutions to solve these problems. ZoTrus Technology has innovatively developed three solutions and related products to realize automatic application, deployment and renewal of SSL certificates, fully automatic, zero reconstruction, and no need to care about the validity period of SSL certificates, completely and perfectly solving the above three problems.

Solution One:
Onetime installed, enabling ZoTrus SM2 ACME client - SM2cerBot

This solution is similar to the ACME client software: CertBot. The difference is that SM2cerBot automatically applies for, deploys and renews dual-algorithm SSL certificates, one 90-day valid ECC SSL certificate and two 90-day SM2 SSL certificates (one signing certificate and one encrypting certificate). And it comes with a SM2 algorithm support module, which automatically replaces the Nginx that does not support the SM2 SSL certificate with the new Nginx that supports the SM2 algorithm and SM2 SSL certificate, automatically implements https encryption, adaptive encryption algorithm, and gives priority to the SM2 algorithm Implement HTTPS encryption.

The disadvantage of this solution is that the original Nginx server software needs to be uninstalled, which may have an impact on the business system, and is suitable for new website deployment to realize https encryption automation. Learn more
Solution Two:
Onetime deployment, enabling ZoTrus HTTPS Automation Gateway

This solution is suitable for the scenario where the original web server is running an important business system and the server cannot be changed. The original web server is zero-reconstruction to realize SM2 https encryption that no need to apply and install SSL certificate. It only needs to deploy the HTTPS Automation Gateway and set the original website IP address to the gateway, the gateway implements https encryption, offloading and forwarding to the original website. The original web server is located in the intranet, which is not only more secure, but also transfers the burden of https encryption to the gateway, so that it can better serve the business system. The gateway is responsible for the automatic application, deployment and renewal of dual-algorithm SSL certificates, and the automatic https encryption, adaptive encryption algorithms, and the SM2 algorithm is given priority to implement HTTPS encryption.

ZoTrus HTTPS Automation Gateway can automatically configure dual-algorithm SSL certificates for up to 255 websites, including up to 255 dual-SSL certificates for 5 years. The value of the SSL certificates alone is as high as 1.25 million RMB Yuan, and the value of the saving HR cost of engineers is as high as 1.5 million RMB Yuan, this is a really very valuable https encryption automation solution. Learn more
Solution Three:
Onetime setup, enabling ZoTrus HTTPS Automation Cloud Service

This solution is suitable for scenarios where ACME client software cannot be installed on the web server, and hardware gateway devices do not want to be purchased or cannot be deployed. This is a cloud service that can automatically apply for, deploy, and renew dual SSL certificates by doing only 3 domain name resolutions. The original web server is zero- reconstruction to realize SM2 https encryption, adaptive encryption algorithm, and the SM2 algorithm is given priority to implement HTTPS encryption.

ZoTrus HTTPS Automation Cloud Service is a comprehensive website security protection solution based on the industry-leading Alibaba Cloud CDN/WAF service, which integrates HTTPS encryption automation, CDN high-speed distribution network, edge WAF protection, and website trusted identity certification, suitable for the security protection of a single website and the automatic implementation of https encryption, each website needs to enable an independent HTTPS Automation Cloud service. Learn more

ZoTrus three HTTPS encryption automation solutions have two main application scenarios: HTTPS encryption automation and SM2 HTTPS encryption transformation. The former mainly solves the problem of automatic deployment of RSA/ECC algorithm SSL certificates, because many websites and various business management systems are still not deployed SSL certificates, these systems only need to deploy RSA/ECC algorithm SSL certificates, and do not need to be transformed to support SM2 SSL certificate, but they need to realize automated certificate management. The latter requires not only the deployment of RSA/ECC SSL certificates, but also the deployment of SM2 SSL certificates, and the automatic management of dual-algorithm certificates.

Customers can choose a suitable solution according to their own business system management needs. The comparison table of the main parameters of the three solutions is as follows.

Solution One
ZoTrus SM2 ACME client

Solution Two
ZoTrus HTTPS Automation Gateway

Solution Three
ZoTrus HTTPS Automation Cloud Service

Onetime Operation

Install client software

Deploy hardware device

Do the domain resolution

Auto-apply for and deploy dual SSL certificates

90-day ECC DV SSL certificate
90-day SM2 DV SSL certificate

1-year ECC DV SSL certificate
1-year SM2 OV SSL certificate

1-year ECC DV SSL certificate
1-year SM2 OV/EV SSL certificate

Auto-renewal the dual SSL certificates

Yes, every 90 days

Yes, every 365 days

Number of supported sites

No limit

50/100/150/255 sites

1 site, optional multi-sites

Service Period

No limit

5 Years

1 Year, optional multi-year

Cost (RMB Yuan)

free

198K – 998K

4,888 – 98,888

Certificate types optional

Optional 1-year DV/OV/EV SSL certificate

Optional ECC OV/EV and SM2 EV

Optional ECC OV/EV SSL certificate

Zero-transformation of the original web server

Include WAF Protection

Include CDN service

Include WTIV service

Browsers Support

ECC SSL certificate: all browsers
SM2 SSL certificate: ZT Browser

ECC SSL certificate: all browsers
SM2 SSL certificate: all SM2 browsers

Application Scene

New website

There are multiple website systems that need to automatically deploy SSL certificates for independent management

One or few websites system need to automatically deploy SSL certificates without purchasing hardware

Disadvantages

Need to reinstall Nginx and install client software

None

Rely on cloud services

ZoTrus Technology has successfully built eight core products, including ZoTrus SM2 Certificate Transparency Log, ZoTrus Cloud SSL Service System, ZoTrus SM2 ACME Service System, ZoTrus SM2 SSL Certificate and RSA/ECC SSL Certificate, ZT Browser, ZoTrus SM2 ACME Client, ZoTrus HTTPS Automation Gateway and ZoTrus HTTPS Automation Cloud Service, providing related products and services, so that the user's website system and Internet of Things devices can fully automatically realize HTTPS encryption and adaptive cryptography algorithm(RSA/ECC/SM2), to meet the different users HTTPS application requirement for cryptography compliance and globally trusted.

3. ZoTrus SM2 HTTPS automation solution three supporting services, provide value-added support for the three solutions

ZoTrus SM2 HTTPS encryption automation solution perfectly solves the problem of automatic application, deployment, and renewal of dual-algorithm SSL certificates, but in order to realize SM2 HTTPS encryption, browsers must support SM2 algorithms and SM2 SSL certificates, and the automatic configured dual-algorithm SSL certificates must support certificate transparency to ensure the security of the SSL certificate itself. For this end, ZoTrus Technology provides three supporting value-added services for free.

Supporting Service One:
Providing SM2 browser for free - ZT Browser

ZT Browser is a completely free SM2 browser that supports SM2 algorithms and SM2 SSL certificates and supports SM2 certificate transparency. Of course, it is also a standard general browser based on Google Chromium, it supports SM2 algorithm in the cipher suits, which realizes the automatic negotiation of cipher algorithm when the browser shakes hands with the Web server, and it supports RSA/ECC/SM2 three cipher algorithm suites and realizes the adaptive algorithm https encryption.

ZT Browser is the world's first to integrate a full-featured PDF reader, which not only seamlessly reads PDF documents, but also verifies the digital signature of the document in real time and displays the signer's trusted identity. Free download
Supporting Service Two:
Issuing the dual-algorithm SSL certificates for free

ZoTrus Cloud SSL Service System provides free support for ZoTrus HTTPS encryption automation solutions to provide automatic application and issuance of dual-algorithm SSL certificate services. Customers do not need to apply for SSL certificates from CA separately, and do not need to spend additional money to purchase SSL certificates. Three solutions all already include the dual-algorithm SSL certificates required for the service, the ECC/RSA SSL certificate is globally trusted and supports all browsers, the SM2 SSL certificate is cryptography compliant and supports all SM2 browsers.

What's particularly valuable is that the HTTPS Automation Gateway provides one ECC SSL certificate and two SM2 SSL certificate for up to 255 website domain names for 5 years, which is completely free and absolutely value-for-money. Learn more
Supporting Service Three:
Providing SM2 certificate transparency log service for free

In order to ensure the security of the SM2 SSL certificates issued for ZoTrus HTTPS encryption automation solutions, ZoTrus provides SM2 certificate transparency log service for all SM2 SSL certificates. Every SM2 SSL certificate provided is like the ECC/RSA SSL certificates also have certificate transparency security protection, which effectively protect the legitimate rights and interests of customers and website security. Learn more