For website administrators, they are not satisfied that the SSL certificate application and deployment process is very cumbersome and laborious, and they may not be willing or able to install the ACME client software on the web server. Our product is a cloud service that automatically applies for and deploys SSL certificates to achieve https encryption, which can meet the application requirements for zero change of the original web server, zero installation of SSL certificates, zero installation of ACME client software, and zero deployment of hardware gateways to achieve https encryption and WAF protection, adaptive https algorithm.
We deployed the ZoTrus HTTPS Automation Gateway to multiple IDCs, turned the hardware product into a new cloud service product - HTTPS Automation Cloud Service, the Cloud Service can automatically apply for SSL certificates and deploy SSL certificates to achieve https encryption, and provide CDN and WAF protection for the original Web server, so that the original Web server becomes the source server, and https encryption is realized without reconstruction. The Cloud Service includes a publicly trusted and cryptography compliant dual algorithm (ECC/SM2) SSL certificates, and users do not need to pay for the SSL certificates.
ZoTrus HTTPS Automation Cloud Service is an innovative cloud service that turns the gateway hardware product into a completely new innovative cloud service by deploying ZoTrus HTTPS Automation Gateway to many IDCs, it can meet the practical application needs of customers who want to realize the SM2 HTTPS automation but do not want or cannot deploy a hardware gateway locally, allowing customers to enjoy the same high-performance HTTPS encryption automation without purchasing a hardware gateway.
The biggest features and characteristics of ZoTrus HTTPS Automation Cloud Service are zero hardware deployment, zero application for SSL certificates, zero installation of SSL certificates, built-in SM2 ACME client software, automatic docking with ZoTrus SM2 ACME Service System, automatic application for dual algorithmic dual SSL certificate automatically to realize SM2 https encryption, CDN distribution and cloud WAF protection, so that the website system does not need to apply for an SSL certificate from the CA, and does not need to purchase CDN/WAF services separately. It automates the application, deployment, and renewal of dual SSL certificates to ensure business system implements https encryption with zero reconstruction and provides automatic https encryption services and WAF protection to business systems without interruption.
The core function of ZoTrus HTTPS Automation Cloud Service is zero modification of the original server. There is no need to install an SSL certificate on the server, no need to install ACME client software on the server, no need to upgrade the server software to support the SM2 algorithm, and no need to purchase and localize the ZoTrus HTTPS Automation Gateway, just need to purchase the Cloud service and do the domain name resolution twice to immediately enable the ZoTrus HTTPS Automation Cloud Service, providing https encryption services and WAF protection 24 hours a day, 365 days a year. A completely free SM2 browser that supports SM2 algorithm and SM2 certificate transparency - ZT Browser preferentially uses the SM2 algorithm to implement https encryption, other browsers that do not support SM2 algorithm and SM2 certificate transparency use ECC algorithm to implement https encryption.
The dual-algorithm dual-SSL certificate required for HTTPS encryption is automatically completed by ZoTrus HTTPS Automation Cloud Service connected to the ZoTrus Cloud SSL System to apply for the dual-SSL certificate, validate the domain name, retrieve the issued SSL certificate, install the SSL certificate, and enable the SSL certificate. The automatically configured ECC SSL certificate is globally trusted and supports the certificate transparency, it is issued by ZoTrus brand intermediate root certificate - ZoTrus ECC DV SSL CA, its root CA certificate is the world oldest ECC algorithm root CA certificate - Sectigo ECC, and the entire chain uses ECC Algorithm, the encryption speed is 18 times faster than the RSA algorithm SSL certificate, to fast access the website by end users. The automatically configured SM2 SSL certificate is compliant with the Cryptography Law and trusted by all SM2 browsers. It is currently the only SM2 SSL certificate in the world that supports the SM2 Certificate Transparency. It is issued by ZoTrus brand intermediate root certificate - SM2 SSL Pro CA, its root CA certificate is Guizhou SM2 CA that Guizhou CA has the CA license issued by MIIT and SCA, the entire chain uses the SM2 algorithm, the encryption speed is 20 times faster than the RSA algorithm, to fast access the website by end users. The certificate chain file of the automatically configured dual SSL certificate is the smallest, saving IDC traffic and user mobile phone traffic, saving IDC power consumption and user mobile phone power consumption, and is more environmentally friendly.
ZoTrus HTTPS Automation Cloud Service provides HTTPS encryption services and WAF protection based on the content distribution network (CDN). There are two different types of services: self-built nodes based and Alibaba CDN nodes based. The difference is that the former service node is fewer than the latter, but they are all fully automatically configured with dual algorithm dual SSL certificates, automatically realizing SM2 HTTPS encryption, rapid content distribution and WAF protection.
ZoTrus HTTPS Automation Cloud Service has a built-in WAF module. This module is developed based on the open source ModSecurity system, which supports commonly used Web Application Firewall functions, such as: preventing SQL injection, preventing cross-site scripting attacks (XSS), preventing attacks using local files containing vulnerabilities, and preventing the use of remote File (including vulnerabilities) attacks, preventing attacks using remote command execution vulnerabilities, preventing PHP code injection, preventing malicious access that violates the HTTP protocol, preventing attacks using remote proxy infection vulnerabilities, preventing attacks using Shellshock vulnerabilities, and preventing the use of Session sessions Vulnerabilities with the same ID can be used to attack, prevent malicious scanning of websites, prevent source code or error information leakage, blacklist honeypot projects, and perform IP blocking based on judging the IP address attribution, etc.
The main eight functions of ZoTrus HTTPS Automation Cloud Service are:
ZoTrus HTTPS Automation Cloud Service provides an efficient, secure, transparent, zero-deployment, zero-reconstruction, and automatic innovative cloud service to implement https encryption and WAF protection. Customers do not need to purchase additional CDN/WAF that require manual application and deployment of SSL certificates, a high-quality CDN+WAF service that automatically configures dual SSL certificate, can greatly improve the user experience visiting the website and ensure the uninterrupted and reliable operation of the business system 24 x 365.
ZoTrus HTTPS Automation Cloud Service is a cloud service that deploys ZoTrus HTTPS Automation Gateway hardware equipment on the cloud for customers to share and use, so that customers can achieve SM2 HTTPS encryption without purchasing and deploying hardware gateway. The core performance indicator of this innovative service is the automatic configuration of dual algorithm dual SSL certificates, the difference is that the cloud service is only bound to one domain name. Customers only need to perform domain name resolution to complete domain name validation when it is enabled for the first time, and no longer need to do any more configuration, and the dual algorithm SSL certificate will be automatically configured during the service validity period. In order to ensure the private key security and comply with the upcoming international standard of shortening the certificate validity period to 90 days, the dual algorithm SSL certificate automatically configured by ZoTrus HTTPS Automation Cloud Service is valid for 90 days. The private key and certificates are updated every 90 days, not only Keys are kept secure, and standards are ensured now and in the future.
ZoTrus HTTPS Automation Cloud Service provides services to customers in the form of CDN+WAF service. The Basic Edition and Pro Edition are based on ZoTrus Technology self-built service nodes, the EX Pro Edition is based on Alibaba Cloud CDN + WAF service, to meet customer's application needs for more service nodes and different bandwidth.
ZoTrus HTTPS Automation Cloud Service currently provides 3 different specifications of products, which can be used to automatically implement https encryption and WAF protection for website systems of various sizes, especially to meet the application needs of customers to implement SM2 https encryption and WAF protection with zero reconstruction. The performance parameters of various editions are shown in the table below. For customers with different requirements, products can be customized to meet the requirements.
ZoTrus HTTPS Automation Cloud Service is not only an innovative zero trust website security service designed for website security, but also a cloud-native service. All services are provided directly through cloud services. Customers do not need to apply for an SSL certificate from the CA, and there is no need to installing an SSL certificate or ACME client software on the Web server, and there is no need to purchase hardware gateway. Customers only need to do CNAME resolution to automatically implement https encryption, , WAF protection and CDN distribution. which greatly reduces efforts, threshold, and cost to ensure website security. It is a three-dimensional website security protection solution. ZoTrus HTTPS Automation Cloud Service seamlessly switches from plaintext HTTP to HTTPS encryption with zero reconstruction, zero maintenance, zero disturb, and zero hardware. It is the first choice for SM2 HTTPS encryption reconstruction and system security upgrade.