Zero reconstruction, zero hardware, zero maintenance

SM2 HTTPS Automation Cloud Service

Based on zero trust principles, never trust plain text http websites

Automatic configuration of the SM2 SSL certificate and ECC SSL certificate

Zero reconstruction of the original web server to automatically realize SM2 https encryption, adaptive https algorithm

ZoTrus SM2 HTTPS Automation Cloud Service is an innovative cloud service that turns the gateway hardware product into a completely new innovative cloud service by deploying ZoTrus SM2 HTTPS Automation Gateway to many IDCs. It is an innovative one-stop solution to website security problems that integrates https encryption, WAF protection, and website trusted identity validation. It only takes three domain name resolutions to enjoy website security cloud service, which fully guarantees the security of the website, while meeting the requirements of regulation compliance and zero trust application.

ZoTrus SM2 HTTPS Automation Cloud Service, fully automatic configures ECC algorithm and SM2 algorithm dual SSL certificate, it is divided into Basic Edition, Pro Edition, Ex Pro Edition and EX Pro Plus Edition according to different types of automatically configured SSL certificates and different WAF protection capabilities. All browsers will display the padlock. All Edition will enhance display the trusted identity of the website in ZT Browser, display SM2 encryption icon, the green address bar, cloud WAF protection icon, and enhance online trust. If some customers have special protection requirements, please contact us for customization. If there is any unclear place, welcome to scan the QR code to add customer service WeChat account, contact customer service team for consultation, thank you.

1. Service Introduction

ZoTrus SM2 HTTPS Automation Cloud Service is an innovative cloud service that turns the gateway hardware product into a completely new innovative cloud service by deploying ZoTrus SM2 HTTPS Automation Gateway to many IDCs, it can meet the practical application needs of customers who want to realize the SM2 HTTPS automation but do not want or cannot deploy a hardware gateway locally, allowing customers to enjoy the same high-performance HTTPS encryption automation without purchasing a hardware gateway.

ZoTrus SM2 HTTPS Automation Cloud Service

The biggest features and characteristics of ZoTrus SM2 HTTPS Automation Cloud Service are zero hardware deployment, zero application for SSL certificates, zero installation of SSL certificates, built-in SM2 ACME client software, automatic docking with ZoTrus SM2 ACME Service System, automatic application for dual algorithmic dual SSL certificate automatically to realize SM2 https encryption, CDN distribution and cloud WAF protection, so that the website system does not need to apply for an SSL certificate from the CA, and does not need to purchase CDN/WAF services separately. It automates the application, deployment, and renewal of dual SSL certificates to ensure business system implements https encryption with zero reconstruction and provides automatic https encryption services to business systems without interruption.

2. Main Functions

The core function of ZoTrus SM2 HTTPS Automation Cloud Service is zero modification of the original server. There is no need to install an SSL certificate on the server, no need to install ACME client software on the server, no need to upgrade the server software to support the SM2 algorithm, and no need to purchase and localize the ZoTrus SM2 HTTPS Automation Gateway, just need to purchase the Cloud service and do the domain name resolution twice to immediately enable the ZoTrus SM2 HTTPS Automation Cloud Service, providing https encryption services 24 hours a day, 365 days a year. A completely free SM2 browser that supports SM2 algorithm and SM2 certificate transparency - ZT Browser preferentially uses the SM2 algorithm to implement https encryption, other browsers that do not support SM2 algorithm and SM2 certificate transparency use ECC algorithm to implement https encryption.

The dual-algorithm dual-SSL certificate required for HTTPS encryption is automatically completed by ZoTrus SM2 HTTPS Automation Cloud Service connected to the ZoTrus Cloud SSL System to apply for the dual-SSL certificate, validate the domain name, retrieve the issued SSL certificate, install the SSL certificate, and enable the SSL certificate. The automatically configured ECC SSL certificate is globally trusted and supports the certificate transparency, it is issued by ZoTrus brand intermediate root certificate - ZoTrus ECC DV SSL CA, its root CA certificate is the world oldest ECC algorithm root CA certificate - Sectigo ECC, and the entire chain uses ECC Algorithm, the encryption speed is 18 times faster than the RSA algorithm SSL certificate, to fast access the website by end users. The automatically configured SM2 SSL certificate is compliant with the Cryptography Law and trusted by all SM2 browsers. It is currently the only SM2 SSL certificate in the world that supports the SM2 Certificate Transparency. It is issued by ZoTrus brand intermediate root certificate - SM2 SSL Pro CA, its root CA certificate is Guizhou SM2 CA that Guizhou CA has the CA license issued by MIIT and SCA, the entire chain uses the SM2 algorithm, the encryption speed is 20 times faster than the RSA algorithm, to fast access the website by end users. The certificate chain file of the automatically configured dual SSL certificate is the smallest, saving IDC traffic and user mobile phone traffic, saving IDC power consumption and user mobile phone power consumption, and is more environmentally friendly.

ZoTrus SM2 HTTPS Automation Cloud Service provides HTTPS encryption services based on the content distribution network (CDN). There are two different types of services: self-built nodes based and Alibaba CDN nodes based. The difference is that the former service node is fewer than the latter, but they are all fully automatically configured with dual algorithm dual SSL certificates, automatically realizing SM2 HTTPS encryption, rapid content distribution and edge WAF services.

ZoTrus SM2 HTTPS Automation Cloud Service has a built-in WAF module. This module is developed based on the open source ModSecurity system, which supports commonly used Web Application Firewall functions, such as: preventing SQL injection, preventing cross-site scripting attacks (XSS), preventing attacks using local files containing vulnerabilities, and preventing the use of remote File (including vulnerabilities) attacks, preventing attacks using remote command execution vulnerabilities, preventing PHP code injection, preventing malicious access that violates the HTTP protocol, preventing attacks using remote proxy infection vulnerabilities, preventing attacks using Shellshock vulnerabilities, and preventing the use of Session sessions Vulnerabilities with the same ID can be used to attack, prevent malicious scanning of websites, prevent source code or error information leakage, blacklist honeypot projects, and perform IP blocking based on judging the IP address attribution, etc.

The main eight functions of ZoTrus SM2 HTTPS Automation Cloud Service are:

(1)

Zero reconstruction for https encryption

The original server does not need to install an SSL certificate, no need to install SM2 ACME client software, zero reconstruction to realize SM2 https encryption, adaptive encryption algorithm, support RSA/ECC/SM2 algorithm to realize https encryption, and it supports two-way authentication.

(2)

Automatically configure SSL certificates

By default, dual SSL certificates (ECC/SM2) are automatically configured for the website domain name for free. Customer do not need to apply for an SSL certificate from a CA, and do not need to install and configure an SSL certificate.

(3)

Zero reconstruction for cryptography compliance

With zero reconstruction of the original web server, only two domain name resolutions are needed to instantly automatically implement the SM2 HTTPS encryption, quickly meeting the customer's cryptography compliance application needs with one click.

(4)

High-performance https offloading

Completely take over and assume the SSL encryption function of the original server, greatly reducing the performance pressure on the original server, allowing the original server to be dedicated to the business system, and greatly improving the response speed of client access.

(5)

CDN high-speed distribution

Multiple IDCs and multiple cloud platform ECSs realize high-speed content distribution, solve cross-region and cross-operator network performance problems, high-performance and flexible caching strategies, page performance optimization, etc.

(6)

Cloud Web Application Firewall Protection

Based on the development of the industry-leading open source ModSecurity system, it supports common Web Application Firewall functions, provides security cleaning protection for https offloading traffic, and only forwards normal and secure traffic to the internal server behind.

(7)

Ready to use, one-click activation

You only need to perform domain name resolution twice, enable cloud services immediately, start HTTPS encryption immediately, and implement SM2 HTTPS encryption immediately, providing uninterrupted HTTPS encryption services for websites and business systems to ensure website security.

(8)

Website trusted identity certification

Free website trusted EV certification service worth 388 RMB Yuan. ZT Browser directly displays the website owner name and T4 certification icon in the green address bar to enhance online trust and promote more online orders.

3. Performance Indicators

ZoTrus SM2 HTTPS Automation Cloud Service provides an efficient, secure, transparent, zero-deployment, zero-reconstruction, and automatic innovative cloud service to implement https encryption. Customers do not need to purchase additional CDN/WAF that require manual application and deployment of SSL certificates, a high-quality CDN+WAF service that automatically configures dual SSL certificate, can greatly improve the user experience visiting the website and ensure the uninterrupted and reliable operation of the business system 24 x 365.

ZoTrus SM2 HTTPS Automation Cloud Service is a cloud service that deploys ZoTrus SM2 HTTPS Automation Gateway hardware equipment on the cloud for customers to share and use, so that customers can achieve SM2 HTTPS encryption without purchasing and deploying hardware gateway. The core performance indicator of this innovative service is the automatic configuration of dual algorithm dual SSL certificates, the difference is that the cloud service is only bound to one domain name. Customers only need to perform domain name resolution to complete domain name validation when it is enabled for the first time, and no longer need to do any more configuration, and the dual algorithm SSL certificate will be automatically configured during the service validity period. In order to ensure the private key security and comply with the upcoming international standard of shortening the certificate validity period to 90 days, the dual algorithm SSL certificate automatically configured by ZoTrus SM2 HTTPS Automation Cloud Service is valid for 90 days. The private key and certificates are updated every 90 days, not only Keys are kept secure, and standards are ensured now and in the future.

ZoTrus SM2 HTTPS Automation Cloud Service provides services to customers in the form of CDN+WAF service. The Basic Edition and Pro Edition are based on ZoTrus Technology self-built service nodes, the EX Pro Edition and EX Pro+ Edition are based on Alibaba Cloud CDN + WAF service, to meet customer's application needs for more service nodes and different bandwidth.

ZoTrus SM2 HTTPS Automation Cloud Service currently provides 4 different specifications of products, which can be used to automatically implement https encryption for website systems of various sizes, especially to meet the application needs of customers to implement SM2 https encryption with zero reconstruction. The performance parameters of various editions are shown in the table below. For customers with different requirements, products can be customized to meet the requirements.

Edition

Basic

Pro

EX Pro

EX Pro+

Model

MG-1-1

MG-1-2

MG-1-3

MG-1-4

CDN Provider

Self-built nodes

Alibaba CDN nodes

Auto-configure SSL certificate type

SM2 DV SSL certificate
ECC DV SSL certificate

SM2 OV SSL certificate
ECC DV SSL certificate

SM2 EV SSL certificate
ECC DV SSL certificate

SM2 EV SSL certificate
ECC OV SSL certificate

WTIV Type

Domain Validation

CNAME

Service Effective Time

10 mins

Certificate Auto-renewal

Yes

Dedicated SSL Certificate

Yes

Domain Recorded Req

Yes

QPS

100

200

300

400

Bandwidth

10M

20M

25M

30M

Downstream Traffic

10TB

20TB

30TB

40TB

Cloud WAF Protection

Yes

ZT Browser Special Display

Padlock+T4 icon + WAF icon, green address bar, Org name

Scope

Personal websites and SME websites with less than 100 QPS

Mid-to-large enterprise websites with less than 200 QPS

Mid-to-large enterprise websites with less than 300 QPS

Large enterprises, government agencies, banks websites with less than 400 QPS

4. Summary

ZoTrus SM2 HTTPS Automation Cloud Service is not only an innovative zero trust website security service designed for website security, but also a cloud-native service. All services are provided directly through cloud services. Customers do not need to apply for an SSL certificate from the CA, and there is no need to installing an SSL certificate or ACME client software on the Web server, and there is no need to purchase hardware gateway. Customers only need to do CNAME resolution to automatically implement https encryption, CDN distribution and WAF protection, which greatly reduces efforts, threshold, and cost to ensure website security. It is a three-dimensional website security protection solution. ZoTrus SM2 HTTPS Automation Cloud Service seamlessly switches from plaintext HTTP to HTTPS encryption with zero reconstruction, zero maintenance, zero disturb, and zero hardware. It is the first choice for SM2 HTTPS encryption reconstruction and system security upgrade.