feat: initial commit of trustlab-docs

pages/guide/integrations/_meta.json

@@ -0,0 +1,5 @@
+{
+    "smime": "S/MIME for Email",
+    "web-servers": "Web Servers (Nginx/IIS)",
+    "code-signing": "Code Signing"
+}

pages/guide/integrations/code-signing.mdx

@@ -0,0 +1,23 @@
+# Code Signing
+
+Code signing ensures that scripts and executables have not been tampered with and originate from a trusted source (Internal Developer).
+
+## Supported Formats
+- **Microsoft Authenticode** (Executables, PowerShell scripts)
+- **Java Archive** (JAR files)
+
+## Signing with SignTool (Windows)
+
+1. **Install SignTool**: Included in the Windows SDK.
+2. **Download PFX**: Get your Code Signing certificate in `.pfx` format.
+3. **Run Command**:
+
+```powershell
+signtool sign /f "MyCert.pfx" /p "password" /tr http://timestamp.digicert.com /td sha256 /fd sha256 .\MyApp.exe
+```
+
+- `/tr`: Timestamp Server (Recommended so the signature is valid even after cert expiry).
+- `/fd`: File Digest algorithm (Use SHA256).
+
+## Verifying Signature
+Right-click the `.exe` file -> **Properties** -> **Digital Signatures** tab. You should see "TrustLab Internal CA" in the certificate path.

pages/guide/integrations/smime.mdx

@@ -0,0 +1,28 @@
+# S/MIME Email Security
+
+Secure/Multipurpose Internet Mail Extensions (S/MIME) allows you to **sign** and **encrypt** internal emails.
+
+- **Signing**: Proves the email actually came from you (prevents spoofing).
+- **Encryption**: Ensures only the intended recipient can read the message.
+
+## Prerequisites
+- A TrustLab certificate with the **S/MIME** profile.
+- Downloaded in **PFX (.p12)** format.
+
+## Outlook (Windows) Setup
+1. Open Outlook. Go to **File > Options > Trust Center**.
+2. Click **Trust Center Settings > Email Security**.
+3. Under "Encrypted Email", click **Settings**.
+4. Click **Choose** for Signing Certificate and select your TrustLab ID.
+5. Click **OK**.
+
+## Thunderbird Setup
+1. Go to **Settings > Privacy & Security**.
+2. Scroll to **Certificates** and click **Manage Certificates**.
+3. Under **"Your Certificates"**, click **Import**.
+4. Select your `.p12` file.
+5. Go back to Account Settings > Security.
+6. Select the certificate for **Digital Signing** and **Encryption**.
+
+> [!TIP]
+> To send encrypted email to a colleague, you must first possess their Public Key (usually by receiving a signed email from them first).

pages/guide/integrations/web-servers.mdx

@@ -0,0 +1,52 @@
+# Web Server Configuration
+
+Configuring SSL/TLS on internal web servers is the most common use case for TrustLab.
+
+## Nginx Configuration
+
+Ensure you have downloaded the **PEM** format bundle (contains `.crt` and `.key`).
+
+```nginx
+server {
+    listen 80;
+    server_name internal.app;
+    return 301 https://$host$request_uri;
+}
+
+server {
+    listen 443 ssl http2;
+    server_name internal.app;
+
+    # SSL Configuration
+    ssl_certificate     /path/to/internal.app.crt;
+    ssl_certificate_key /path/to/internal.app.key;
+
+    # Recommended Security Settings
+    ssl_protocols TLSv1.2 TLSv1.3;
+    ssl_ciphers HIGH:!aNULL:!MD5;
+    ssl_prefer_server_ciphers on;
+}
+```
+
+## Apache (httpd)
+
+```apache
+<VirtualHost *:443>
+    ServerName internal.app
+    SSLEngine on
+    SSLCertificateFile "/path/to/internal.app.crt"
+    SSLCertificateKeyFile "/path/to/internal.app.key"
+</VirtualHost>
+```
+
+## IIS (Windows Server)
+
+For IIS, you must use the **PFX** format.
+
+1. Open **IIS Manager**.
+2. Select the server node.
+3. Open **Server Certificates**.
+4. Click **Import** in the actions pane.
+5. Select your `.pfx` file and enter the password.
+6. Go to your Site -> **Bindings**.
+7. Add **https** binding and select the imported certificate.