Create _certificate-management.mdx

josh-wong · josh-wong · commit 3b8b8e0559e8 · 2025-10-16T14:11:30.000+09:00
diff --git a/src/components/en-us/_certificate-management.mdx b/src/components/en-us/_certificate-management.mdx
@@ -0,0 +1,44 @@
+You have several options for certificate management:
+
+1. Management of private key and certificate files
+   1. Manage your private key and certificate files automatically by using [cert-manager](https://cert-manager.io/docs/).
+      - This method can reduce maintenance or operation costs. For example, cert-manager automatically renews certificates before they expire and Scalar Helm Chart automatically mounts private key and certificate files on the Scalar product pods.
+      - You cannot use a CA that cert-manager does not support. You can see the supported issuers in the [cert-manager documentation](https://cert-manager.io/docs/configuration/issuers/).
+   1. Manage your private key and certificate files manually.
+      - You can issue and manage your private key and certificate files on your own by using your preferred method.
+      - You can use any certificate even if cert-manager does not support it.
+      - You must update secret resources when certificates expire.
+1. Kinds of certificates
+   1. Use a trusted CA (signed certificate by third party).
+      - You can use trusted certificates from a third-party certificate issuer.
+      - You can encrypt packets.
+      - You must pay costs to issue trusted certificates.
+   1. Use self-signed certificates.
+      - You can reduce costs to issue certificates.
+      - Reliability of certificates is lower than a trusted CA, but you can encrypt packets.
+
+In other words, you have the following four options:
+
+1. Use a self-signed CA with automatic management.
+1. Use a trusted CA with automatic management.
+1. Use a self-signed CA with manual management.
+1. Use a trusted CA with manual management.
+
+You should consider which method to use based on your security requirements. For guidance and related documentation for each method, refer to the following decision tree:  
+
+```mermaid
+flowchart TD
+  A[Do you want to use <br /><a href='https://cert-manager.io/docs/'>cert-manager</a> to manage your <br />private key and certificate <br />files automatically?]
+  A -->|Yes, I want to manage my <br />certificates automatically.| B
+  A -->|No, I want to manage my <br />certificates manually by myself.| C
+  B[Do you want to use a <br />self-signed CA or a trusted CA?]
+  C[Do you want to use a <br />self-signed CA or a trusted CA?]
+  B -->|I want to use a <br />self-signed CA.| D
+  B -->|I want to use a <br />trusted CA.| E
+  C -->|I want to use a <br />self-signed CA.| F
+  C -->|I want to use a <br />trusted CA.| G
+  D[See the <a href='#use-a-self-signed-ca-with-cert-manager-to-manage-your-private-key-and-certificate-files'>Use a self-signed <br />CA with cert-manager to <br />manage your private key and <br />certificate files</a> section.]
+  E[See the <a href='#use-a-trusted-ca-with-cert-manager-to-manage-your-private-key-and-certificate-files'>Use a trusted <br />CA with cert-manager to <br />manage private key and <br />certificate files</a> section.]
+  F[See the <a href='#use-your-private-key-and-certificate-files'>Use your private <br />key and certificate files</a> <br />section, and use the self-signed <br />certificate you generated.]
+  G[See the <a href='#use-your-private-key-and-certificate-files'>Use your private key <br />and certificate files</a> section, <br />and use the trusted certificate <br />generated by the third party.]
+```
