SM2 Certificate Transparency (SM2 CT)

Learning from the international Certificate Transparency mechanism
to establish the SM2 Certificate Transparency mechanism.
ZoTrus works hard to build the SM2 certificate transparency ecosystem,
protecting the security and trust of SM2 SSL certificates and ensuring
the security of China's website systems.

1. Learn from the international Certificate Transparency mechanism to establish the SM2 Certificate Transparency mechanism

HTTPS encryption is a must for website security. All browsers apply zero trust to cleartext HTTP websites and directly display “Not secure” in the address bar. How, then, can the security of the SSL certificates used for HTTPS encryption be ensured? The answer is the certificate transparency mechanism led by Google, which has successfully protected the security of more than 7.6 billion SSL certificates worldwide, effectively eliminating maliciously or mistakenly issued SSL certificates.

At present, China is vigorously promoting the adoption of SM2 algorithm SSL certificates and SM2 HTTPS encryption to ensure the security of China's website systems. However, the SM2 SSL certificates issued by Chinese CA operators do not support certificate transparency, because the current certificate transparency log systems do not support the SM2 algorithm or SM2 SSL certificates. How can the security and trust of SM2 SSL certificates be ensured? The answer is to learn from the international certificate transparency system and establish an SM2 certificate transparency system.

Since 2013, the international certificate transparency system has grown into an ecosystem of products that support certificate transparency: certificate transparency log systems that sign the signed certificate timestamp (SCT) for SSL certificates, browsers that verify the SCT data embedded in SSL certificates, and CA operators that issue SSL certificates with embedded SCT data. In addition, browsers must trust the SSL certificates that have SCT data embedded. At present, China does not have certificate transparency ecosystem products that support the SM2 algorithm and SM2 SSL certificates.

To learn more about international certificate transparency, please visit its official website: https://certificate.transparency.dev

2. ZoTrus works hard to build the SM2 certificate transparency ecosystem

Richard Wang, the founder of ZoTrus Technology, has 18 years of experience in the research and development of CA systems and the operation of an international CA business. He fully recognizes that China must have certificate transparency ecosystem products that support the SM2 algorithm to ensure that SM2 SSL certificates are secure and trusted; otherwise China will not be able to popularize SM2 SSL certificates to ensure the security of its website systems. After 15 months of R&D investment, ZoTrus Technology successfully built the world's first certificate transparency ecosystem that supports the SM2 algorithm in October 2022. It includes the world's first SM2 certificate transparency log system, the world's first SM2 browser that supports SM2 certificate transparency (ZT Browser), and the world's first CA system that can issue SM2 SSL certificates with SM2 SCT data (ZoTrus Cloud SSL System).


2.1 ZoTrus Certificate Transparency Log System

This is the world's first certificate transparency log system implemented with the SM2 algorithm. It was the first to provide a certificate transparency log service for the SM2 SSL certificates issued by CerSign Technology and ZoTrus Technology, which enhances confidence and trust in those certificates. The system is also open to all CA operators trusted by ZT Browser, providing a free SM2 certificate transparency log service to ensure that the SM2 SSL certificates issued by these CA operators are secure and trusted.

The ZoTrus SM2 Certificate Transparency Log Service accepts only SM2 algorithm SSL certificates; it does not accept RSA/ECC SSL certificates. The signed certificate timestamp (SCT) data is digitally signed with the SM3_SM2 algorithms. Browsers and operating systems that do not support the SM2 algorithms cannot properly parse the SCT data embedded in an SM2 SSL certificate and therefore cannot verify it.

Three ZoTrus SM2 Certificate Transparency Log Systems have been deployed: https://log.sm2ct.cn/2023, https://sm2ct.cersign.cn/2023 and https://log.sm2ct.com/2023, located at the JD Cloud Guangzhou node, the Huawei Cloud Guangzhou node and the Amazon Cloud Singapore node. All three deployed log systems are included in and trusted by ZT Browser.

To learn more about SM2 Certificate Transparency, please visit the official website: https://sm2ct.com

2.2 ZoTrus Cloud SSL System

This is the world's first CA system that can issue SM2 SSL certificates that support SM2 certificate transparency. Every SM2 SSL certificate it issues includes SCT data trusted by ZT Browser, which guarantees that each SM2 SSL certificate is trustworthy and protects against SSL man-in-the-middle attacks.

As shown in the left figure below, for the SCT data embedded in an SM2 SSL certificate issued by ZoTrus Cloud SSL System, the ZT Browser Certificate Viewer displays the SM2 signature algorithm of the SCT data correctly. In the Windows certificate viewer, as shown in the right figure below, the SCT data is recognized in the certificate's SCT List field and most of its important information is displayed correctly, but the signature algorithm of the SCT data cannot be identified.

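[Figures: SCT data of an SM2 SSL certificate issued by ZoTrus Cloud SSL System, in the ZT Browser Certificate Viewer (left) and in the Windows certificate viewer (right)]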
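
The behaviour described above for software without SM2 support, as an added example that is not ZoTrus code or part of the original page: a minimal Python parser for the RFC 6962 SCT list structure that knows only the conventional TLS algorithm code points, so it decodes the log ID and timestamp but reports the signature algorithm as unrecognized. It assumes the SM2 SCT keeps the RFC 6962 layout; the sample bytes are constructed, and the 0xEE algorithm values are placeholders because the page does not give the code points used for SM3/SM2.

```python
import struct

# TLS 1.2 (RFC 5246) code points a conventional RFC 6962 SCT parser knows.
HASH_NAMES = {4: "sha256"}
SIG_NAMES = {1: "rsa", 3: "ecdsa"}

def parse_sct(sct: bytes) -> dict:
    """Decode one v1 SCT: version, log_id, timestamp, extensions, signature."""
    if len(sct) < 47:  # 43-byte fixed header + 4-byte signature header
        raise ValueError("SCT too short")
    version, log_id, ts_ms, ext_len = struct.unpack_from(">B32sQH", sct, 0)
    off = 43 + ext_len
    if off + 4 > len(sct):
        raise ValueError("SCT extensions overrun the structure")
    hash_alg, sig_alg, sig_len = struct.unpack_from(">BBH", sct, off)
    if off + 4 + sig_len != len(sct):
        raise ValueError("SCT signature length mismatch")
    return {
        "version": version,
        "log_id": log_id.hex(),
        "timestamp_ms": ts_ms,
        "hash": HASH_NAMES.get(hash_alg, f"unrecognized(0x{hash_alg:02x})"),
        "signature": SIG_NAMES.get(sig_alg, f"unrecognized(0x{sig_alg:02x})"),
        "recognized": hash_alg in HASH_NAMES and sig_alg in SIG_NAMES,
    }

def parse_sct_list(data: bytes) -> list:
    """Decode a TLS-encoded SignedCertificateTimestampList (RFC 6962, 3.3)."""
    if len(data) < 2 or struct.unpack_from(">H", data, 0)[0] != len(data) - 2:
        raise ValueError("SCT list length prefix does not match the data")
    scts, pos = [], 2
    while pos < len(data):
        sct_len = int.from_bytes(data[pos:pos + 2], "big")
        sct = data[pos + 2 : pos + 2 + sct_len]
        if len(data) - pos < 2 or len(sct) != sct_len:
            raise ValueError("truncated SCT")
        scts.append(parse_sct(sct))
        pos += 2 + sct_len
    return scts

def build_sct(log_id: bytes, ts_ms: int, hash_alg: int, sig_alg: int, sig: bytes) -> bytes:
    """Constructed-sample helper: serialize one SCT with its 2-byte length prefix."""
    body = struct.pack(">B32sQHBBH", 0, log_id, ts_ms, 0, hash_alg, sig_alg, len(sig)) + sig
    return struct.pack(">H", len(body)) + body

# Constructed sample; 0xEE/0xEE are placeholder bytes, not real SM3/SM2 code points.
_items = (build_sct(b"\x11" * 32, 1672531200000, 4, 3, b"\x30" * 70)
          + build_sct(b"\x22" * 32, 1672531200000, 0xEE, 0xEE, b"\x30" * 70))
SAMPLE = struct.pack(">H", len(_items)) + _items
```

Calling `parse_sct_list(SAMPLE)` returns two entries: both carry a readable log ID and timestamp, but only the first has `recognized` set, so a verifier built this way has no basis for checking the second signature.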

ZoTrus Cloud SSL System also has a special feature: for each SM2 SSL certificate it issues, it automatically issues a matching publicly trusted ECC SSL certificate for the same domain name. This dual SSL certificate issuance makes it convenient for users to deploy dual SSL certificates, achieving adaptive encryption with dual algorithms, meeting users' practical need to support all browsers, and delivering both cryptography compliance and global trust.


2.3 ZT Browser

This is the world's first SM2 browser that supports SM2 Certificate Transparency, and the world's first browser that verifies the SM2 certificate transparency SCT data embedded in an SM2 SSL certificate in real time. ZT Browser includes and trusts the three SM2 certificate transparency log servers deployed by ZoTrus Technology. For a website that has deployed a ZT Browser trusted SM2 SSL certificate with SM2 SCT data signed by the three ZoTrus SM2 Certificate Transparency Log systems, it displays “SM2 Certificate Transparency” together with the SM2 certificate transparency log system URL, as shown in the left figure below. If the website has deployed an SM2 SSL certificate that is trusted by ZT Browser but does not embed SCT data, it displays “SM2 Certificate NOT Transparency”.

[Figures: ZT Browser SM2 certificate transparency display]

ZT Browser plans to adopt the same CT policy as Google Chrome from July 1, 2023. If an SM2 SSL certificate does not embed ZT Browser trusted SCT data, ZT Browser will display “Not secure” in the address bar. This is the same certificate transparency warning page as in the open-source Chromium code; it clearly reminds the user that the SM2 SSL certificate has not been publicly disclosed under the certificate transparency policy, which exists to ensure that the SM2 SSL certificate is trustworthy and to protect against attackers.


You are welcome to download and use, free of charge, the world's first completely free SM2 browser that supports SM2 Certificate Transparency: ZT Browser.

2.4 ZoTrus Website Security Cloud Service

ZoTrus Website Security Cloud Service is the world's first innovative cloud service that realizes SM2 HTTPS encryption with zero transformation. It is jointly built by ZoTrus Technology and Alibaba Cloud. Customers do not need to apply for an SM2 SSL certificate or install one, and the web server does not require any SM2 cryptography transformation. Customers only need to do 3 domain name resolutions; ZoTrus Cloud SSL System then automatically configures one SM2 SSL certificate and one ECC SSL certificate into the Alibaba Cloud CDN+WAF service system, turns the original website into a CDN source website, automatically enables Alibaba Cloud CDN content distribution and cloud WAF protection, and automatically enables HTTPS encryption. This completely solves the problems of the high cost and long duration of SM2 transformation.

The SM2 SSL certificate automatically configured by ZoTrus Website Security Cloud Service already embeds SM2 certificate transparency log data (SCT) to ensure the security and trustworthiness of the SM2 SSL certificate; the automatically configured globally trusted ECC SSL certificate also embeds international certificate transparency log data (SCT) to ensure the security and trustworthiness of the ECC SSL certificate itself. ZT Browser preferentially uses the SM2 algorithm for HTTPS encryption, and other browsers that do not support the SM2 algorithm use the ECC algorithm for HTTPS encryption.


ZoTrus Website Security Cloud Service requires no SM2 cryptography transformation and provides one-click SM2 HTTPS encryption, cloud WAF protection, CDN distribution and website trusted identity validation. It can quickly and efficiently ensure website security and meet the cryptography protection and cybersecurity protection compliance requirements for all government websites and all key information infrastructure systems.

You are welcome to purchase the world's first zero-transformation ZoTrus Website Security Cloud Service, which automates SM2 HTTPS encryption.

2.5 ZoTrus Nginx SM2 Module

Customers who want to deploy the SM2 SSL certificate themselves need to adapt the web server software to support the SM2 algorithm and SM2 SSL certificates. ZoTrus Nginx SM2 Module can be used to add SM2 support to the Nginx web server; it is completely free and has no usage restrictions. Customers only need to recompile Nginx with the module included.

The three innovative products of ZoTrus Technology have formed a complete ecosystem product chain. Among them, ZoTrus Cloud SSL System provides SM2 SSL certificates that support SM2 certificate transparency and ECC SSL certificates for global trust, including a completely free 90-day SM2 SSL certificate and 90-day ECC SSL certificate. Together with the completely free ZoTrus SM2 Nginx Module and the completely free SM2-capable browser, ZT Browser, these SM2 certificate transparency ecosystem products let customers implement and experience SM2 HTTPS encryption completely free of charge, with dual certificates deployed for adaptive algorithm selection to meet the requirements of global trust and cryptography compliance.


Users who want to deploy dual SSL certificates and experience SM2 HTTPS encryption for free can apply for a free 90-day SM2 SSL certificate that supports SM2 certificate transparency and a free 90-day publicly trusted ECC SSL certificate, download the free ZoTrus Nginx SM2 Support Module, and download the free ZT Browser that supports SM2 certificate transparency and SM2 SSL certificates. This lets them experience, at no cost, the different certificate transparency implementations behind SM2 HTTPS encryption and global trust, how all browsers are supported, and how adaptive-algorithm HTTPS encryption works.

3. Protect the security and trust of SM2 SSL certificates and ensure the security of China's website systems

The three SM2 certificate transparency ecosystem products created by ZoTrus Technology (ZoTrus SM2 Certificate Transparency Log System, ZoTrus Cloud SSL System and ZT Browser), plus the completely free ZoTrus Nginx SM2 Module, make it possible to realize SM2 HTTPS encryption at zero cost. ZoTrus Website Security Cloud Service is an innovative cloud service that realizes SM2 HTTPS encryption with zero transformation, greatly lowers the cryptography compliance threshold, and meets cryptography compliance requirements with one click. ZoTrus Technology not only provides SM2 certificate transparency ecosystem products to ensure the security of SM2 SSL certificates, but also provides a complete solution for automating SM2 HTTPS encryption, which will further promote the rapid adoption of SM2 HTTPS encryption and thereby ensure the security of China's websites and information systems.

China's cyberspace security needs to be, should be, and must be protected by China's cryptography! ZoTrus Technology makes great efforts to create SM2 certificate transparency ecosystem products and an HTTPS encryption service that requires no cryptography transformation, to ensure the security of China's websites and systems! With no need for cryptography transformation, the popularization of SM2 HTTPS encryption becomes a reality! Deploying dual SSL certificates can effectively ensure that, whatever international situation occurs, the normal encrypted operation of a website is not affected! China Cryptography is in action! Several provincial government portal websites, online banking systems, and corporate websites have enabled SM2 HTTPS encryption, which effectively protects the security and trustworthiness of China's e-government systems, online banking systems and business management systems!

Be Prepared, Plan Ahead! Be prepared for danger in times of peace, take precautions!