import { Tabs, Callout } from 'nextra/components'
import { Server, Globe, Shield } from 'lucide-react'
# Web Server Configuration
To enable HTTPS on your internal services, you need to configure your web server to use the certificates issued by TrustLab.
}>
**Prerequisite:** Ensure you have downloaded the **PEM Bundle** (for Linux) or **PFX** (for Windows) as described in the [Download Guide](/guide/certificates/download-install).
## Configuration Examples
Select your web server environment below:
### Nginx Setup
Target File: `/etc/nginx/sites-available/default` or `internal.app.conf`
```nginx
server {
listen 80;
server_name internal.app;
return 301 https://$host$request_uri;
}
server {
listen 443 ssl http2;
server_name internal.app;
# SSL Configuration
ssl_certificate /etc/ssl/trustlab/internal.app.crt;
ssl_certificate_key /etc/ssl/trustlab/internal.app.key;
# Recommended Security
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
}
```
### Apache / HTTPD Setup
Target File: `/etc/httpd/conf.d/ssl.conf` or VHost file.
```apache
ServerName internal.app
DocumentRoot /var/www/html/internal
SSLEngine on
SSLCertificateFile "/path/to/internal.app.crt"
SSLCertificateKeyFile "/path/to/internal.app.key"
# Best Practice
SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1
```
### IIS (Internet Information Services)
Requires the **.pfx** file format.
1. **Import Certificate**:
* Open **IIS Manager** > Click Server Node > **Server Certificates**.
* Click **Import...** (Actions pane).
* Select your `.pfx` file and enter the password.
2. **Bind to Site**:
* Go to **Sites** > Select your site (e.g., Default Web Site).
* Click **Bindings...** > **Add...**
* Type: `https` | Port: `443`.
* **SSL Certificate**: Select the certificate you just imported.