For website administrators, they are not satisfied that the SSL certificate application and deployment process is very cumbersome and laborious, and they may not be willing or able to install the ACME client software on the web server. Our product is a cloud service that automatically applies for and deploys SSL certificates to achieve https encryption, which can meet the application requirements for zero change of the original web server, zero installation of SSL certificates, zero installation of ACME client software, and zero deployment of hardware gateways to achieve https encryption, including RSA algorithm https encryption and SM2 algorithm https encryption.
We deployed the ZoTrus HTTPS Automation Gateway to multiple IDCs, turned the hardware product into a new cloud service product - HTTPS Automation Cloud Service, the Cloud Service can automatically apply for SSL certificates and deploy SSL certificates to achieve https encryption, and provide CDN and WAF protection for the original Web server, so that the original Web server becomes the source server, and https encryption is realized without reconstruction. The Cloud Service includes a publicly trusted and cryptography compliant dual algorithm (ECC/SM2) SSL certificates, and users do not need to pay for the SSL certificates.
1. Service Introduction
ZoTrus HTTPS Automation Cloud Service is an innovative cloud service that turns the gateway hardware product into a completely new innovative cloud service by deploying ZoTrus HTTPS Automation Gateway to many IDCs, it can meet the practical application needs of customers who want to realize the SM2 HTTPS automation but do not want or cannot deploy a hardware gateway locally, allowing customers to enjoy the same high-performance HTTPS encryption automation without purchasing a hardware gateway.
ZoTrus HTTPS Automation Cloud Service
The biggest features and characteristics of ZoTrus HTTPS Automation Cloud Service are zero hardware deployment, zero application for SSL certificates, zero installation of SSL certificates, built-in SM2 ACME client software, automatic docking with ZoTrus SM2 ACME Service System, automatic application for dual algorithmic dual SSL certificate automatically to realize SM2 https encryption, CDN distribution and cloud WAF protection, so that the website system does not need to apply for an SSL certificate from the CA, and does not need to purchase CDN/WAF services separately. It automates the application, deployment, and renewal of dual SSL certificates to ensure business system implements https encryption with zero reconstruction and provides automatic https encryption services to business systems without interruption.
2. Main Functions
The core function of ZoTrus HTTPS Automation Cloud Service is zero modification of the original server. There is no need to install an SSL certificate on the server, no need to install ACME client software on the server, no need to upgrade the server software to support the SM2 algorithm, and no need to purchase and localize the ZoTrus HTTPS Automation Gateway, just need to purchase the Cloud service and do the domain name resolution twice to immediately enable the ZoTrus HTTPS Automation Cloud Service, providing https encryption services 24 hours a day, 365 days a year. A completely free SM2 browser that supports SM2 algorithm and SM2 certificate transparency - ZT Browser preferentially uses the SM2 algorithm to implement https encryption, other browsers that do not support SM2 algorithm and SM2 certificate transparency use ECC algorithm to implement https encryption.
The dual-algorithm dual-SSL certificate required for HTTPS encryption is automatically completed by ZoTrus HTTPS Automation Cloud Service connected to the ZoTrus Cloud SSL System to apply for the dual-SSL certificate, validate the domain name, retrieve the issued SSL certificate, install the SSL certificate, and enable the SSL certificate. The automatically configured ECC SSL certificate is globally trusted and supports the certificate transparency, it is issued by ZoTrus brand intermediate root certificate - ZoTrus ECC DV SSL CA, its root CA certificate is the world oldest ECC algorithm root CA certificate - Sectigo ECC, and the entire chain uses ECC Algorithm, the encryption speed is 18 times faster than the RSA algorithm SSL certificate, to fast access the website by end users. The automatically configured SM2 SSL certificate is compliant with the Cryptography Law and trusted by all SM2 browsers. It is currently the only SM2 SSL certificate in the world that supports the SM2 Certificate Transparency. It is issued by ZoTrus brand intermediate root certificate - SM2 SSL Pro CA, its root CA certificate is Guizhou SM2 CA that Guizhou CA has the CA license issued by MIIT and SCA, the entire chain uses the SM2 algorithm, the encryption speed is 20 times faster than the RSA algorithm, to fast access the website by end users. The certificate chain file of the automatically configured dual SSL certificate is the smallest, saving IDC traffic and user mobile phone traffic, saving IDC power consumption and user mobile phone power consumption, and is more environmentally friendly.
ZoTrus HTTPS Automation Cloud Service provides HTTPS encryption services based on the content distribution network (CDN). There are two different types of services: self-built nodes based and Alibaba CDN nodes based. The difference is that the former service node is fewer than the latter, but they are all fully automatically configured with dual algorithm dual SSL certificates, automatically realizing SM2 HTTPS encryption, rapid content distribution and edge WAF services.
ZoTrus HTTPS Automation Cloud Service has a built-in WAF module. This module is developed based on the open source ModSecurity system, which supports commonly used Web Application Firewall functions, such as: preventing SQL injection, preventing cross-site scripting attacks (XSS), preventing attacks using local files containing vulnerabilities, and preventing the use of remote File (including vulnerabilities) attacks, preventing attacks using remote command execution vulnerabilities, preventing PHP code injection, preventing malicious access that violates the HTTP protocol, preventing attacks using remote proxy infection vulnerabilities, preventing attacks using Shellshock vulnerabilities, and preventing the use of Session sessions Vulnerabilities with the same ID can be used to attack, prevent malicious scanning of websites, prevent source code or error information leakage, blacklist honeypot projects, and perform IP blocking based on judging the IP address attribution, etc.
The main eight functions of ZoTrus HTTPS Automation Cloud Service are:
Zero reconstruction for https encryption
The original server does not need to install an SSL certificate, no need to install SM2 ACME client software, zero reconstruction to realize SM2 https encryption, adaptive encryption algorithm, support RSA/ECC/SM2 algorithm to realize https encryption, and it supports two-way authentication.Automatically configure SSL certificates
By default, dual SSL certificates (ECC/SM2) are automatically configured for the website domain name for free. Customer do not need to apply for an SSL certificate from a CA, and do not need to install and configure an SSL certificate.Zero reconstruction for cryptography compliance
With zero reconstruction of the original web server, only two domain name resolutions are needed to instantly automatically implement the SM2 HTTPS encryption, quickly meeting the customer's cryptography compliance application needs with one click.High-performance https offloading
Completely take over and assume the SSL encryption function of the original server, greatly reducing the performance pressure on the original server, allowing the original server to be dedicated to the business system, and greatly improving the response speed of client access.CDN high-speed distribution
Multiple IDCs and multiple cloud platform ECSs realize high-speed content distribution, solve cross-region and cross-operator network performance problems, high-performance and flexible caching strategies, page performance optimization, etc.Cloud Web Application Firewall Protection
Based on the development of the industry-leading open source ModSecurity system, it supports common Web Application Firewall functions, provides security cleaning protection for https offloading traffic, and only forwards normal and secure traffic to the internal server behind.Ready to use, one-click activation
You only need to perform domain name resolution twice, enable cloud services immediately, start HTTPS encryption immediately, and implement SM2 HTTPS encryption immediately, providing uninterrupted HTTPS encryption services for websites and business systems to ensure website security.Website trusted identity certification
Free website trusted EV certification service worth 388 RMB Yuan. ZT Browser directly displays the website owner name and T4 certification icon in the green address bar to enhance online trust and promote more online orders.3. Performance Indicators
ZoTrus HTTPS Automation Cloud Service provides an efficient, secure, transparent, zero-deployment, zero-reconstruction, and automatic innovative cloud service to implement https encryption. Customers do not need to purchase additional CDN/WAF that require manual application and deployment of SSL certificates, a high-quality CDN+WAF service that automatically configures dual SSL certificate, can greatly improve the user experience visiting the website and ensure the uninterrupted and reliable operation of the business system 24 x 365.
ZoTrus HTTPS Automation Cloud Service is a cloud service that deploys ZoTrus HTTPS Automation Gateway hardware equipment on the cloud for customers to share and use, so that customers can achieve SM2 HTTPS encryption without purchasing and deploying hardware gateway. The core performance indicator of this innovative service is the automatic configuration of dual algorithm dual SSL certificates, the difference is that the cloud service is only bound to one domain name. Customers only need to perform domain name resolution to complete domain name validation when it is enabled for the first time, and no longer need to do any more configuration, and the dual algorithm SSL certificate will be automatically configured during the service validity period. In order to ensure the private key security and comply with the upcoming international standard of shortening the certificate validity period to 90 days, the dual algorithm SSL certificate automatically configured by ZoTrus HTTPS Automation Cloud Service is valid for 90 days. The private key and certificates are updated every 90 days, not only Keys are kept secure, and standards are ensured now and in the future.
ZoTrus HTTPS Automation Cloud Service provides services to customers in the form of CDN+WAF service. The Basic Edition and Pro Edition are based on ZoTrus Technology self-built service nodes, the EX Pro Edition and EX Pro+ Edition are based on Alibaba Cloud CDN + WAF service, to meet customer's application needs for more service nodes and different bandwidth.
ZoTrus HTTPS Automation Cloud Service currently provides 4 different specifications of products, which can be used to automatically implement https encryption for website systems of various sizes, especially to meet the application needs of customers to implement SM2 https encryption with zero reconstruction. The performance parameters of various editions are shown in the table below. For customers with different requirements, products can be customized to meet the requirements.
ECC DV SSL certificate
ECC DV SSL certificate
ECC DV SSL certificate
ECC OV SSL certificate
4. Summary
ZoTrus HTTPS Automation Cloud Service is not only an innovative zero trust website security service designed for website security, but also a cloud-native service. All services are provided directly through cloud services. Customers do not need to apply for an SSL certificate from the CA, and there is no need to installing an SSL certificate or ACME client software on the Web server, and there is no need to purchase hardware gateway. Customers only need to do CNAME resolution to automatically implement https encryption, CDN distribution and WAF protection, which greatly reduces efforts, threshold, and cost to ensure website security. It is a three-dimensional website security protection solution. ZoTrus HTTPS Automation Cloud Service seamlessly switches from plaintext HTTP to HTTPS encryption with zero reconstruction, zero maintenance, zero disturb, and zero hardware. It is the first choice for SM2 HTTPS encryption reconstruction and system security upgrade.