dyzulk/trustlab-docs
1
0
Fork 0
mirror of https://github.com/dyzulk/trustlab-docs.git synced 2026-01-26 13:32:08 +07:00
Code Issues Packages Projects Releases Wiki Activity

refactor: migrate to official nextra i18n and native navigation

Browse Source
This commit is contained in:
dyzulk
2026-01-09 08:22:46 +07:00
parent 0817284eae
commit 9ce5d01315
54 changed files with 980 additions and 15 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
pages/en/guide/certificates/_meta.json Normal file
View File

@@ -0,0 +1,7 @@
{
"request-new": "Requesting a Certificate",
"view-details": "View Details",
"download-install": "Download & Formats",
"renewal": "Renewal Process",
"revocation": "Revocation"
}

43
pages/en/guide/certificates/download-install.mdx Normal file
View File

@@ -0,0 +1,43 @@
# Download & Formats (PEM, PFX, JKS)
Once your certificate is issued, you can download it in various formats suitable for different servers and applications.
## Available Formats
| Format | Extension | Used For |
| :--- | :--- | :--- |
| **PEM (Nginx/Apache)** | `.crt`, `.key` | Standard Linux web servers. You get separate Certificate and Private Key files. |
| **PFX / PKCS#12** | `.pfx`, `.p12` | IIS (Windows), Microsoft Exchange, Client Certificates (S/MIME). Contains both key and cert. |
| **JKS (Java)** | `.jks` | Java applications (Tomcat, Spring Boot). |
## How to Download (Copy & Save)
The dashboard allows you to copy the raw certificate data directly.
1. Navigate to **"My Certificates"** and click the **View (Eye Icon)** button on your certificate.
2. **Certificate:** Scroll to the "Certificate (CRT)" section and click the **Copy Icon** in the top right. Paste this into a file named `domain.crt` or `domain.pem`.
3. **Private Key:** Scroll to the "Private Key (KEY)" section, click **Show**, then click the **Copy Icon**. Paste this into a file named `domain.key`.
> [!TIP]
> Use a plain text editor (Notepad, VS Code, Nano) to save these files. Do not use Word or Rich Text editors.
> [!WARNING]
> The **Private Key** is generated securely. If you lose it, you cannot recover it. You must revoke and re-issue the certificate.
## Installation Examples
### Nginx (PEM)
```nginx
server {
listen 443 ssl;
server_name internal.app;
ssl_certificate /etc/nginx/ssl/internal.app.crt;
ssl_certificate_key /etc/nginx/ssl/internal.app.key;
}
```
### Windows (PFX)
1. Double-click the downloaded `.pfx` file.
2. Follow the "Certificate Import Wizard".
3. When prompted for a password, enter the password you set during download (or the default export password provided in the UI).

29
pages/en/guide/certificates/renewal.mdx Normal file
View File

@@ -0,0 +1,29 @@
# Renewal Process
Certificates expire to ensure security rotation. TrustLab simplifies the renewal process so you don't experience downtime.
## When to Renew
You will receive an email notification:
- **30 days** before expiration.
- **7 days** before expiration.
- **1 day** before expiration.
## How to Renew (Manual Re-issue)
To renew a certificate, you simply generate a fresh one with the same domain name.
1. Go to **Certificates** and click **"Generate New"**.
2. **Identity**: Enter the **same Common Name (CN)** as your expiring certificate.
3. **Generate**: The system will issue a new certificate with a fresh validity period.
4. **Replace**: Download the new `.crt` (and `.key` if you didn't reuse the CSI) and replace the files on your server.
> [!NOTE]
> The old certificate will remain valid until it expires naturally. You can safely delete it after verifying the new one works.
## What Happens Next?
- A **new certificate** is generated with a new validity period.
- The **Private Key** remains the same (if "Reuse Key" was selected) OR a new key is generated (recommended).
- The old certificate remains valid until its original expiration date (unless revoked).
> [!IMPORTANT]
> You must **download and install the new certificate** on your server. Renewal **does not** happen automatically on the server side unless you use our ACME integration.

53
pages/en/guide/certificates/request-new.mdx Normal file
View File

@@ -0,0 +1,53 @@
import { Steps, Callout, Cards, Card } from 'nextra/components'
import { FileBadge, ShieldCheck, Globe, Code, Save, AlertTriangle } from 'lucide-react'
# Requesting a New Certificate
TrustLab provides a streamlined wizard to generate private SSL/TLS certificates for your internal infrastructure.
## Prerequisites
Before starting, ensure you have:
* Active TrustLab account access.
* **Root CA** installed on your machine (to trust the generated certs).
---
<Steps>
### 1. Open Certificates Menu
Navigate to the **Certificates** page. This view lists all your active and expired certificates. Click the **"Generate New"** (or "+") button to start.
![Certificates List](/images/guide/certificates-screen.png)
### 2. Enter Domain Details (Default Mode)
By default, you only need to provide the Identity. The system will auto-fill the Organization & Location metadata.
![Default Generation Modal](/images/guide/certificates-generate-modal-default-metadata-screen.png)
* **Common Name (CN)**: The primary domain (e.g., `app.internal`).
* **SANs**: Additional domains or IP addresses.
* **Key Strength**: Choose the encryption level.
![Key Strength Selector](/images/guide/certificates-generate-modal-key-strength-focused-screen.png)
* **2048-bit**: Industry standard, compatible with all devices.
* **4096-bit**: Higher security, slightly more CPU intensive.
### 3. Customize CSR (Manual Control)
Toggle **"Manual Control"** if you need to override the default Identity fields (e.g., for a specific branch office or legal entity).
![Manual Control Modal](/images/guide/certificates-generate-modal-manual-control-screen.png)
* **Organization (O)**: Override the default company name.
* **Locality (L) / State (ST)**: Set specific location data.
* **Country (C)**: ISO Code.
### 4. Generate & Save
Click **Generate**.
* The **Certificate (.pem)** and **Private Key (.key)** will be generated.
* You can copy them immediately or access them later from the **Certificate Details** page.
<Callout type="info" emoji={<Save className="w-5 h-5" />}>
**Storage:** Your Private Key is securely stored. You can view it anytime by clicking **"View Details"** on the certificate list.
</Callout>
</Steps>

22
pages/en/guide/certificates/revocation.mdx Normal file
View File

@@ -0,0 +1,22 @@
# Revocation (Cabut Sertifikat)
Revocation invalidates a certificate before its expiration date. This is critical if a Private Key is compromised.
## When to Revoke?
- **Key Compromise**: You suspect someone stole your Private Key.
- **Service Change**: The domain name effectively no longer belongs to the service.
- **Mistake**: The certificate was issued with incorrect details.
## How to Remove / Revoke
If a certificate is compromised or no longer needed, you can remove it from the system.
1. Go to the **Certificates** list.
2. Identify the certificate to remove.
3. Click the **Trash Icon** (Delete) on the right side of the row.
4. **Confirm**: Type `DELETE` in the confirmation modal to permanently remove the certificate and its private key from TrustLab.
![Delete Certificate Action](/images/guide/certificates_list_view_1767869137654.png)
## CRL (Certificate Revocation List)
Once revoked, the certificate serial number is added to the TrustLab CRL. All clients checking the CRL will immediately reject the certificate.

40
pages/en/guide/certificates/view-details.mdx Normal file
View File

@@ -0,0 +1,40 @@
import { Callout } from 'nextra/components'
import { ShieldAlert } from 'lucide-react'
# Viewing Certificate Details
After generating a certificate, you can view its full metadata, download the files, or retrieve the Private Key at any time.
## Certificate List
The main **Certificates** page lists all issuing certificates.
* **Status Indicators**: Quickly see if a cert is `Valid`, `Expired`, or `Revoked`.
* **Search**: Filter by Common Name or Serial Number.
![Certificate List](/images/guide/certificates_list_view_1767869137654.png)
## Details View
Clicking the **View Icon** (Eye) or the row opens the detailed management view.
![Certificate Management View](/images/guide/certificate_management_view_1767869044987.png)
### 1. Metadata
The top section displays critical information:
* **Validity Period**: Start and End dates.
* **Issuer**: The CA that signed this certificate.
* **Subject Info**: Organization, Location, and Country.
* **Key Strength**: 2048-bit or 4096-bit.
### 2. Certificate (CRT)
This text box contains the public certificate in **PEM format** (`-----BEGIN CERTIFICATE-----`).
* **Copy**: Click the **Copy Icon** to copy the full block.
* This is safe to share publicly.
### 3. Private Key (KEY)
This section contains your secret Private Key.
* **Hidden by Default**: The specific key content is blurred/hidden for security.
* **Show**: Click the **"Show"** button to reveal the key.
* **Copy**: Click the **Copy Icon** to retrieve it.
<Callout type="error" emoji={<ShieldAlert className="w-5 h-5" />}>
**Security Warning:** Never share your Private Key. Anyone with this key can impersonate your server.
</Callout>