About the UI displaying "Not secure"

ZT Browser is developed based on the open-source Chromium, the default UI to the HTTP website displays "Not secure", which is also the default display of all browsers, because the HTTP protocol is not encrypted, all information from browser to servers is transmitted in cleartext, which is very easy to be illegally stolen and illegally tampered and cannot ensure the security of confidential information. Please refer to the innovation UI Icon Summary of ZT Browser for details.

About the ZT Browser UI displaying Not secure

The only solution is to deploy SSL certificate on the website to implement HTTPS encryption, so that the browser will not display "Not secure", but a secure padlock. This requires users to apply for SSL certificate from CA, with free or charged. After applying for the SSL certificate, users need to install the SSL certificate on the server, configure and enable the SSL certificate to implement HTTPS encryption.

But if the website fails to correctly deploy the SSL certificate, ZT Bowser will display the red "Not secure" warning, such as: the certificate is revoked, the certificate is expired, the domain name is not matched, the SHA1 certificate, the SCT data without or invalid, the root certificate is not trusted, etc., the specific meanings are as follows. There is also a special case that needs to be noted. If the webpage contains unsecure elements or has an unsecure HTTP hyperlink, the browser still shows the security padlock, but clicking on the padlock will display "Your connection to this site is not fully secure". Therefore, it is recommended to delete the unsecure elements in the webpage and modify the unsecure HTTP hyperlink to HTTPS hyperlink.

ERR_CERT_AUTHORITY_INVALID

The root certificate is not trusted

ERR_CERT_COMMON_NAME_INVALID

The domain name is not matched

ERR_CERT_DATE_INVALID

The certificate is expired

ERR_CERT_REVOKED

The certificate is revoked

ERR_CERT_WEAK_SIGNATURE_ALGORITHM

Weak signature algorithm used (MD5、SHA1)

ERR_CERTIFICATE_TRANSPARENCY_REQUIRED

the SCT data without or invalid

ERR_SSL_FALLBACK_BEYOND_MINIMUM_VERSION

Cannot fallback to unsecure protocol

ERR_SSL_WEAK_EPHEMERAL_DH_KEY

Weak Diffie-Hellman key used

ERR_SSL_VERSION_OR_CIPHER_MISMATCH

TLS version or cipher strength too low

ERR_CERT_VALIDITY_TOO_LONG

The certificate validity is too long

ERR_TOO_MANY_REDIRECTS

Too many redirects

It is recommended to choose the ZoTrus HTTPS automation management solution, which does not need to apply for an SSL certificate from a CA, install an SSL certificate on the web server, or install ACME client software on the web server, and fully automatically implement https encryption and WAF protection. Since the validity period of SSL certificates will be shortened to 47 days, the traditional solution of manually applying for and deploying SSL certificates cannot meet the application requirements of many website systems that need to deploy SSL certificates, and the automatic management of SSL certificates must be realized. In particular, the critical information infrastructure system that needs to realize the SM2 algorithm HTTPS encryption, the solution that does not affect the normal operation of the existing business system with zero transformation of the original web server is required, ZoTrus solution not only automatically deploys the RSA/ECC SSL certificate, but also automatically deploys the SM2 SSL certificate to realize the automatic management of the dual-algorithm SSL certificate. ZT Browser preferentially uses the SM2 algorithm to achieve HTTPS encryption, and other browsers that do not support the SM2 algorithm use the ECC algorithm to achieve HTTPS encryption.