# airec-cert

Part of **AIREC**

<!-- intent-backlink:auto -->

> 💡 **Path Selection**: This skill is one implementation path for [Manage HTTPS certificates for AIRec](../../intent/airec-manage-certificates/SKILL.md). If you're unsure which path to take, check the routing skill first.

# AIRec Certificate Management Console Guide

## Operations Overview

| Operation | Console Entry Path | Prerequisites | Description |
|----------|-------------------|---------------|-------------|
| Issue and Verify Certificate Using Customer CA | Not applicable (offline process guided by console documentation) | The deployment planning in Apsara Stack Deployment Planner is completed and the final-state file of Apsara Stack Deployment Planner is obtained. | Use your self-owned CA to generate and validate certificates based on domain information from the planner. |
| Export Certificate-to-Service Mapping File | Apsara Stack Deployment Planner > Manage Cloud > Display Version List > Server Software List > HTTPS Certificate Requirement Table | The planning in Apsara Stack Deployment Planner has been completed. | Export the `certificate_info.xlsx` file that maps certificates to services for deployment or audit purposes. |

## Operation Steps

### Issue and Verify Certificate Using Customer CA

**Navigation**: Not a direct console operation — this is an offline process initiated after obtaining configuration data from Apsara Stack Deployment Planner.

**Prerequisites**:
- The deployment planning in Apsara Stack Deployment Planner is completed and the final-state file of Apsara Stack Deployment Planner is obtained.

1. Obtain the list of required domains (including extensive domain names) from the Apsara Stack Deployment Planner output.
   - Notes: This typically includes entries in a `san_domains` file specifying Subject Alternative Names.

2. Use your self-owned Certificate Authority (CA) system to issue a certificate for the provided domains.
   - Notes: Ensure the public key in the certificate matches the private key you will deploy.

3. Verify the integrity and validity of the issued certificate.
   - Notes: Confirm that the certificate chain is complete and trusted within your environment.

4. Prepare the certificate and private key files for upload or deployment as instructed by subsequent console workflows.
   - Notes: File formats must be compatible with the target service (e.g., PEM-encoded).

**Form Fields**:  
*Not applicable — this operation does not involve a web form.*

### Export Certificate-to-Service Mapping File

**Navigation**: Apsara Stack Deployment Planner > Manage Cloud > Display Version List > Server Software List > HTTPS Certificate Requirement Table

**Prerequisites**:
- The planning in Apsara Stack Deployment Planner has been completed.

1. **Log on to Apsara Stack Deployment Planner**
   - Element: **Log on to Apsara Stack Deployment Planner** (link) — top-level page
   - Notes: Access requires appropriate permissions in the Apsara Stack environment.

2. **Find the target cloud instance, and then click Manage Cloud**
   - Element: **Manage Cloud** (button) — main content area
   - Notes: The cloud instance must correspond to your AIRec deployment project.

3. **Find the target project from the project list, and then click Display Version List**
   - Element: **Display Version List** (button) — project list section
   - Notes: Ensure you select the correct baseline version used for deployment planning.

4. **On the Server Software List page, click HTTPS Certificate Requirement Table**
   - Element: **HTTPS Certificate Requirement Table** (button) — Server Software List page
   - Notes: A new view or download prompt may appear immediately.

5. **Save the Excel file as certificate_info.xlsx**
   - Element: **Save the Excel file** (text_input) — file download dialog
   - Notes: This file does not need to be converted to .csv format. Retain the `.xlsx` extension for compatibility.

**Form Fields**:  
*Not applicable — this operation triggers a file download without user-configurable parameters.*

## FAQ

Q: Where can I find the list of domains that need certificates?
A: The domain list (including SANs) is derived from the Apsara Stack Deployment Planner’s final-state output. For structured mapping, export the `certificate_info.xlsx` file via the HTTPS Certificate Requirement Table.

Q: Do I need to use a specific CA for certificate issuance?
A: Yes — you must use your own self-owned Certificate Authority (CA). Public CAs or Alibaba Cloud’s internal CA are not used in this workflow.

Q: Can I modify the certificate mapping after exporting the file?
A: The exported `certificate_info.xlsx` is a reference document. Modifications should align with your actual certificate deployment; however, the source of truth remains the Apsara Stack Deployment Planner configuration.

Q: What permissions are required to access the HTTPS Certificate Requirement Table?
A: You need at least viewer or operator permissions on the relevant cloud instance and project in Apsara Stack Deployment Planner.

Q: Is there a way to automate certificate upload after generation?
A: This guide covers only console-based preparation and export. Certificate upload and binding are handled in separate service configuration steps, not detailed here.

## Pricing & Billing

### Billing Model
Free

### Free Tier
No cost mentioned; likely included with Apsara Stack Deployment Planner access.

### Billing Notes
No billing information provided. Certificate management operations described are part of the deployment planning workflow and do not incur additional charges.