feat: initial commit of trustlab-docs

2026-01-26 13:32:08 +07:00 · 2026-01-08 15:03:32 +07:00
commit 6c5b0c53ae
31 changed files with 8109 additions and 0 deletions
--- a/pages/guide/certificates/_meta.json
+++ b/pages/guide/certificates/_meta.json
@@ -0,0 +1,6 @@
+{
+    "request-new": "Requesting a Certificate",
+    "download-install": "Download & Formats",
+    "renewal": "Renewal Process",
+    "revocation": "Revocation"
+}
--- a/pages/guide/certificates/download-install.mdx
+++ b/pages/guide/certificates/download-install.mdx
@@ -0,0 +1,39 @@
+# Download & Formats (PEM, PFX, JKS)
+
+Once your certificate is issued, you can download it in various formats suitable for different servers and applications.
+
+## Available Formats
+
+| Format | Extension | Used For |
+| :--- | :--- | :--- |
+| **PEM (Nginx/Apache)** | `.crt`, `.key` | Standard Linux web servers. You get separate Certificate and Private Key files. |
+| **PFX / PKCS#12** | `.pfx`, `.p12` | IIS (Windows), Microsoft Exchange, Client Certificates (S/MIME). Contains both key and cert. |
+| **JKS (Java)** | `.jks` | Java applications (Tomcat, Spring Boot). |
+
+## How to Download
+
+1. Go to **"My Certificates"** in the dashboard.
+2. Click on the certificate ID or the **"View"** button.
+3. Scroll to the **"Downloads"** section.
+4. Select the format you need and click **Download**.
+
+> [!WARNING]
+> The **Private Key** is generated securely. If you lose it, you cannot recover it. You must revoke and re-issue the certificate.
+
+## Installation Examples
+
+### Nginx (PEM)
+```nginx
+server {
+    listen 443 ssl;
+    server_name internal.app;
+
+    ssl_certificate     /etc/nginx/ssl/internal.app.crt;
+    ssl_certificate_key /etc/nginx/ssl/internal.app.key;
+}
+```
+
+### Windows (PFX)
+1. Double-click the downloaded `.pfx` file.
+2. Follow the "Certificate Import Wizard".
+3. When prompted for a password, enter the password you set during download (or the default export password provided in the UI).
--- a/pages/guide/certificates/renewal.mdx
+++ b/pages/guide/certificates/renewal.mdx
@@ -0,0 +1,26 @@
+# Renewal Process
+
+Certificates expire to ensure security rotation. TrustLab simplifies the renewal process so you don't experience downtime.
+
+## When to Renew
+You will receive an email notification:
+- **30 days** before expiration.
+- **7 days** before expiration.
+- **1 day** before expiration.
+
+## How to Renew
+
+1. Log in to TrustLab.
+2. Navigate to **"My Certificates"**.
+3. Identify certificates marked with the **"Expiring Soon"** badge.
+4. Click the **"Renew"** button next to the certificate.
+5. Review the details (CN, SANs). You can add or remove SANs at this stage.
+6. Click **Confirm Renewal**.
+
+## What Happens Next?
+- A **new certificate** is generated with a new validity period.
+- The **Private Key** remains the same (if "Reuse Key" was selected) OR a new key is generated (recommended).
+- The old certificate remains valid until its original expiration date (unless revoked).
+
+> [!IMPORTANT]
+> You must **download and install the new certificate** on your server. Renewal **does not** happen automatically on the server side unless you use our ACME integration.
--- a/pages/guide/certificates/request-new.mdx
+++ b/pages/guide/certificates/request-new.mdx
@@ -0,0 +1,31 @@
+# Requesting a New Certificate
+
+TrustLab allows you to request private SSL/TLS certificates for various internal uses.
+
+## Prerequisites
+- You must have an active TrustLab account.
+- You must have the **Root CA** installed on your machine.
+
+## Step-by-Step Guide
+
+1. **Log in to Dashboard**
+   Navigate to the TrustLab Dashboard and login with your credentials.
+
+2. **Navigate to "New Certificate"**
+   Click on the **"New Request"** button in the top navigation bar or the main dashboard card.
+
+3. **Select Certificate Profile**
+   Choose the profile that matches your need:
+   - **Internal Web Server**: For HTTPS on internal tools (e.g., specific IP or `.local` domains).
+   - **User / S/MIME**: For email signing and encryption.
+   - **Code Signing**: For signing scripts and executables.
+
+4. **Fill in Details**
+   - **Common Name (CN)**: The primary domain name or IP address (e.g., `internal.app` or `192.168.1.50`).
+   - **Subject Alternative Names (SANs)**: Additional domains or IPs (optional).
+   - **Validity Period**: Choose between 90 days, 1 year, or custom (if allowed).
+
+5. **Submit Request**
+   Click **"Submit"**. The system will process your request. 
+   - If **Auto-Approval** is enabled for your role, the certificate is issued immediately.
+   - If **Manual Approval** is required, the status will be `PENDING` until a Manager approves it.
--- a/pages/guide/certificates/revocation.mdx
+++ b/pages/guide/certificates/revocation.mdx
@@ -0,0 +1,23 @@
+# Revocation (Cabut Sertifikat)
+
+Revocation invalidates a certificate before its expiration date. This is critical if a Private Key is compromised.
+
+## When to Revoke?
+- **Key Compromise**: You suspect someone stole your Private Key.
+- **Service Change**: The domain name effectively no longer belongs to the service.
+- **Mistake**: The certificate was issued with incorrect details.
+
+## How to Revoke
+
+1. Open the Certificate Detail page.
+2. Click the **"Revoke"** button (Danger Zone).
+3. Select a **Reason Code**:
+   - `unspecified` (0)
+   - `keyCompromise` (1)
+   - `cACompromise` (2)
+   - `superseded` (4)
+   - `cessationOfOperation` (5)
+4. Confirm the action.
+
+## CRL (Certificate Revocation List)
+Once revoked, the certificate serial number is added to the TrustLab CRL. All clients checking the CRL will immediately reject the certificate.