# airec-security

Part of **AIREC**

<!-- intent-backlink:auto -->

> 💡 **Path Selection**: This skill is one implementation path for [Manage HTTPS certificates for AIRec](../../intent/airec-manage-certificates/SKILL.md). If you're unsure which path to take, check the routing skill first.

# AIRec Network Security Console Guide

## Operations Overview

| Operation | Console Entry | Prerequisites | Description |
|----------|---------------|---------------|-------------|
| Create HTTPS Certificates | Console > Security > Certificates > Create Certificate | - A valid domain name registered with a DNS provider<br>- Access to the AIRec console with appropriate permissions<br>- An active project or service instance | Generate or upload HTTPS certificates for secure service communication. |
| Deploy HTTPS Certificate | Console > AIRec > Deployment > New deployment | - The HTTPS certificate has been generated and the verification is successful<br>- You have exported a file that provides the mapping between certificates and services<br>- If internal/external domains use different certificate sources, confirm usage per certificate_info.xlsx | Apply newly created or imported HTTPS certificates to services during new deployments. |

## Operation Steps

### Create HTTPS Certificates

**Navigation**: Console > Security > Certificates > Create Certificate

**Prerequisites**:
- A valid domain name registered with a DNS provider
- Access to the AIRec console with appropriate permissions
- An active project or service instance

1. Navigate to the Certificates section in the Security menu  
   - Element: **Certificates** (menu) — left navigation panel

2. Click the 'Create Certificate' button  
   - Element: **Create Certificate** (button) — top-right corner of the Certificates page  
   - Notes: The button is only visible if the user has 'Write' permission for certificates.

3. Enter the domain name for which the certificate will be issued  
   - Element: **Domain Name** (text_input) — main content area  
   - Notes: Supports wildcard domains (e.g., *.example.com)

4. Select the certificate type from the dropdown  
   - Element: **Certificate Type** (dropdown) — form fields section  
   - Notes: Options include: Standard SSL, Wildcard SSL, and Enterprise SSL

5. Review the configuration and click 'Confirm' to submit the request  
   - Element: **Confirm** (button) — bottom of the form  
   - Notes: A confirmation dialog appears before submission.

| Parameter | Type | Required | Options/Values | Description |
|-----------|------|----------|----------------|-------------|
| Domain Name | text_input | Yes | — | The fully qualified domain name (FQDN) for which the HTTPS certificate will be issued. |
| Certificate Type | dropdown | Yes | Standard SSL, Wildcard SSL, Enterprise SSL | Specifies the level of validation and coverage provided by the certificate. |

### Deploy HTTPS Certificate

**Navigation**: Console > AIRec > Deployment > New deployment

**Prerequisites**:
- The HTTPS certificate has been generated and the verification is successful
- You have exported a file that provides the mapping between certificates and services
- If the certificate sources for the internal domain name and the external domain name are different, you must confirm which products, services, and server roles are for internal use and which ones are for external use based on the certificate_info.xlsx file

1. Open the certificate_info.xlsx file on your local computer  
   - Element: **certificate_info.xlsx** (link) — local computer

2. Enter Certificate Name Provided By Customer (with no suffix) based on the customer-provided certificate and actual project condition  
   - Element: **Certificate Name Provided By Customer** (text_input) — in the certificate_info.xlsx file  
   - Notes: For Scenario 1: both domain names are self-signed or purchased. For Scenario 2: internal domain is self-signed, external is purchased or issued through HSM.

3. Click Save after the preceding configurations  
   - Element: **Save** (button) — in the certificate_info.xlsx file

| Parameter | Type | Required | Options/Values | Description |
|-----------|------|----------|----------------|-------------|
| Certificate Name Provided By Customer | text_input | Yes | — | Enter the certificate name provided by the customer without suffix, based on actual project conditions. |
| Root Certificate Name | text_input | No | — | Not required in Scenario 1; must be specified in Scenario 2 if applicable. |

## FAQ

Q: Where can I find the Certificates section in the AIRec console?
A: Go to the left navigation panel, click **Security**, then select **Certificates** from the submenu.

Q: Can I modify the domain name after submitting a certificate creation request?
A: No. Once submitted, the domain name cannot be changed. You must create a new certificate if corrections are needed.

Q: What file format is required for uploading a private key during certificate creation?
A: The private key must be in PEM format and must not be encrypted.

Q: Do I need to stay on the page while the certificate is being processed?
A: No, but you should check back later to verify issuance status. Processing may take several minutes.

Q: Is the Deploy HTTPS Certificate operation performed entirely in the browser?
A: Partially. The deployment configuration is done by editing the **certificate_info.xlsx** file locally, not directly in the console. The console guides you to prepare this file for bootstrap.

## Pricing & Billing

### Billing Model
Certificates are billed upon creation. Unused certificates do not incur additional charges.

### Price Reference

| Tier | Price |
|------|-------|
| Standard SSL | 0.5 / |
| Wildcard SSL | 1.5 / |
| Enterprise SSL | 5.0 / |

### Free Tier
 10 

### Billing Notes
Certificates are billed upon creation. Renewal is not automatic. Single users are limited to 100 certificates.