ZoTrus Dual-Algorithm SSL Certificate Automation Subscription Service

1. Service Introduction

SSL certificate management is often overlooked yet crucial in website maintenance. Statistics show that over 30% of website outages stem from expired SSL certificates, resulting in incalculable annual business losses. Starting March 15, 2026, the validity period of SSL certificates will be shortened from one year to six months. This means that what used to be an annual renewal will now require at least six months, inevitably leading to more website service disruptions. Even more alarming, the validity period will be further reduced to three months on March 15, 2027, and to one and a half months on March 15, 2029.

Faced with this transformation, the traditional manual certificate management model of application, validation, download, and deployment is no longer feasible. Whether for small and medium-sized enterprises or large organizations, an intelligent and automatic solution is needed to cope with the increasingly shorter certificate lifecycles. Currently, international automatic certificate management (ACME) services, such as Let's Encrypt, can only automate the management of SSL certificates using RSA/ECC algorithms, failing to meet the compliance and security requirements of China for SM2 algorithms.

ZoTrus Technology launched the SM2 ACME Public Service based on this real need. It simultaneously provides automatic management of dual algorithm SSL certificates using both the SM2 algorithm and RSA/ECC algorithm. This is not only a technological complement but also a timely solution driven by both policy and market forces. Note the phrase "public service" — it means providing automatic dual-algorithm SSL certificate services free of charge, without discrimination or restrictions. The free automatic configured SM2 SSL certificate (DFCA SM2 root CA) is shown in the left figure below, representing the SM2 certificate chain. The free automatic configured ECC SSL certificate (SSL.com ECC root CA) is shown in the right figure below, representing the ECC certificate chain.

The dual SSL certificate auto-configures by ZoTrus free SM2 ACME Public Service are 90-day validity certificates, meeting the validity period compliance requirements in advance, and will automatically switch to 47-day validity certificates before March 2029.

2. Practical Path of SSL Certificate Application Ecosystem: The Value of Immediate Action

SSL certificates are essential for implementing HTTPS encryption, which is a core foundation for the security of the Internet of Things. ZoTrus free SM2 ACME Public Service is a much-needed solution for the entire SSL certificate application ecosystem in China.

2.1 Website owners: Zero barriers to entry usher in the era of automation

Action Recommendation: If your website does not yet have automatic certificate management enabled, deploy it immediately. With the implementation of the new certificate policy on March 15th, traditional certificate management methods will face significant challenges, and your website may experience service disruptions due to failure to renew certificates on time.

2.2 Cloud service providers: rapidly enhancing product competitiveness

Action Recommendation: Cloud service providers' technical teams should immediately evaluate the SM2cerBot code, develop an integration plan within a month, and strive to launch relevant automatic certificate management functions before the full implementation of the new certificate policy, thereby seizing the market opportunity.

2.3 Network security equipment manufacturers: Building next-generation security hardware

Action Recommendation: Network security equipment manufacturers should immediately launch product integration projects to embed the ZoTrus open-source SM2 ACME client into their next-generation products, forming a complete and advanced solution that combines hardware, software, and services.

2.4 Domestic operating system vendors: Enhancing the native competitiveness of their systems

Action Recommendation: Domestic operating system manufacturers should immediately launch a automatic certificate management system integration project, adding SM2cerBot as a standard component to the next system version to form an overall advanced solution of "domestic operating system + SM2 certificate automation".

3. Dual-Algorithm Parallelism: A Smart Choice Balancing Security and Compatibility

ZoTrus SM2 ACME Public Service is its dual-certificate system, which utilizes both Chinese and international cryptographic algorithms. This design aligns with China's commercial cryptography promotion policies while also taking into account the complexity and diversity of real-world network environments. Especially in scenarios involving cross-border access and international business, the dual-certificate system ensures smooth user access.

The dual SSL certificates use elliptic curve algorithms: SM2 for the domestic standard and ECC internationally. Both provide 256-bit security strength, which is roughly equivalent to 3072-bit RSA, with shorter keys, faster computation, and superior performance in high-concurrency scenarios.

Against the backdrop of the looming threat of quantum computing, a dual-algorithm certificate system holds particular strategic significance. It provides a practical framework for a smooth transition to quantum-resistant cryptographic algorithms. Through an automatic management system, websites can implement hybrid PQC algorithm HTTPS encryption simply by upgrading their web servers to support post-quantum cryptographic algorithms, without impacting service. This provides a migration practice for a smooth transition to pure post-quantum cryptographic algorithms.

4. The Power of Open Source: SM2cerBot Will Change the Game

If free SM2 SSL certificate services solved the problem of "what is available", then the completely open-source SM2cerBot solves the crucial problem of "how to use it". The release of this SM2 ACME client software as an open-source project has profound industry significance.

Open source signifies transparency, trustworthiness, and scalability. Anyone can review code security, offer suggestions for improvement, and even develop customized versions to suit their needs. This open model accelerates technological innovation and ecosystem development. Developers can find the complete code for SM2cerBot on the GitCode/AtomGit open-source platform and perform secondary development and feature extensions as needed. This open strategy helps foster a healthy ecosystem for the application of SM2 SSL certificates.

Open-source certificate automation tools extend far beyond certificate management itself; they provide the entire industry with a standardized path to address the challenges of cryptographic algorithm migration. Once post-quantum cryptographic algorithm standards are established, automatic systems based on the ACME protocol can quickly adapt, enabling rapid algorithm upgrades across the entire network.

5. The Future of Automation: From "Managing Certificates" to "Certificate Self-Healing"

ZoTrus SM2 ACME service lies in transforming traditional manual management of SM2 SSL certificates into a fully automated process. This transformation is not merely an improvement in efficiency, but a revolution in security concepts.

Imagine if the application, validation, issuance, deployment, and renewal of all SM2 SSL certificates and RSA/ECC SSL certificates required by critical information system were fully automated. Maintenance personnel would only need to set initial policies, and the system could autonomously manage the entire lifecycle of the dual algorithm SSL certificates. This "set-and-forget" approach not only significantly reduces the possibility of human error but also greatly enhances the security level of critical information system.

From a longer-term perspective, automatic certificate management systems are the infrastructure for building quantum-safe networks. When post-quantum cryptography algorithms mature and need to be fully deployed, automatic systems can coordinate large-scale, complex algorithm migration processes, ensuring a secure and smooth transition for the entire network.

6. Profound Impact: Technological Changes Beyond Certificate Management

ZoTrus SM2 ACME service will extend far beyond certificate management itself; its launch may mark a significant shift across multiple industries. From a policy perspective, this service actively responds to China's policy direction of promoting commercial cryptography. Promoting the application of SM2 SSL certificates in a free and automatic manner will help accelerate the practical application of SM2 algorithms.

From a technological development perspective, the open-source ACME client provides a new reference case for the development of domestically developed basic software. Developers can use this codebase to create versions suitable for various operating systems and environments. From a security strategy perspective, the establishment of an automatic certificate management system provides a foundation for addressing quantum computing threats. Whether algorithm upgrades, key rotations, or certificate policy adjustments, the automatic system ensures that security measures are deployed quickly and consistently across the entire network.

From a business model perspective, ZoTrus "free basic service + paid professional services" model ensures both the accessibility of its services and creates market space for high-quality professional services. Users can flexibly choose according to their own needs, forming a virtuous cycle.

ZoTrus Technology firmly believes that its free ACME certificate service, through open-source software tools, will enable the rapid integration of SM2 algorithms into every layer of encrypted communication on China's Internet, truly ensuring the security of China's cyberspace with domestically developed cryptographic algorithms. More cloud service providers will integrate the SM2cerBot open-source code into their products, and network security equipment manufacturers and domestic operating system vendors will also begin launching product features based on automatic HTTPS encryption using Chinese cryptographic standards. This seemingly minor automation of SM2 SSL certificate management is paving the way for the upgrading of China's internet infrastructure.

This seemingly ordinary corner of digital security is rapidly transforming into one of the most active areas of technological innovation across the entire chain, from daily operations and maintenance to quantum defense. Its true value will gradually emerge over the next five years, laying a solid foundation for the upcoming major migration of cryptographic algorithms.