Secure delivery (HTTPS)

For secure access (HTTPS), Akamai Edge servers deliver via HTTPS, only if the client request is made over HTTPS.

You can create a custom certificate in Control Center

You don't need to provide an existing SSL certificate. You can create and activate a custom one via the Certificate Provisioning System (CPS) in Akamai Control Center, and then apply it in your ACE base configuration when creating it in Control Center. This is the recommended practice for this process.

Create the certificate before the configuration

When using the Property Manager Editor to create a Property Hostname for your base configuration, you'll notice a button you can use to create a new certificate. Don't use this. You'll need to wait for the certificate to complete provisioning before you can finish your base configuration. You may need to abort the configuration process if the certificate takes too long to provision.



To streamline the process, create the certificate first using the Certificate Provisioning System (CPS), separately in Control Center.

Note: These instructions don't cover the full use of CPS, just what's required for this process. See the online help for CPS for complete details on its use.
  1. Log in to Control Center using an administrator-level User ID and Password.
  2. Select CONFIGURE > Certificate Provisioning System.
  3. Click Create New Certificate.
  4. In section 1 - Select Validation Type, choose the desired level of validation. Keep in mind that the more extensive the validation, the longer it takes to provision the certificate.
  5. In section 3 - Enter Certificate Information, input all applicable hostnames ("vanity domains") you use for your website or application, in the Common Name (CN) field. (When a request originates from one of these hostnames, an Edge server will deliver content.)
  6. Set the desired security level in section 6 - Select Network settings:
    • Deployment Network: Select either Standard TLS (Standard: SOX and ISO compliant) or Enhanced TLS (Advanced: PCI, SOX, ISO and FedRAMP compliant).
    • SNI-Only: Set to "On" if you want to extend upon TLS. Ensure that your environment can support it.
  7. Review and confirm creation of the certificate.

How long does it take for the certificate to provision?

The time it takes can vary, based on all of the settings you've applied for the certificate. Typically, a certificate with Domain Validation and Standard TLS applied can take 60 minutes to provision, but an Enhanced TLS certificate can take considerably longer, ranging from three to six hours.

The Control Center user account that created the certificate will receive an email when the certificate has complete provisioning.

Are you using your own SSL certificate?

You can't set up SSL service through the edge network without Akamai first receiving or obtaining your certificate information and setting up for it. You'll need to work with your Account Representative to do so.

You can use our shared certificate

We offer a secure certificate for HTTPS delivery (you don't have to create a custom one). However, this requires that you use our specific "shared certificate hostname" in the URLs that must be provided to end users to access content. You define your own unique property hostname to add to the shared certificate hostname to build this URL. (For example, "mypropertyhostname.akamaized.net.") This is all accomplished via the generation of a Property Hostname in your ACE configuration.

The SSL certificate must exist on all origin servers

If you are using a custom origin (not NetStorage), you need to maintain a valid SSL certificate on all origin servers that will be contacted by the Edge network, if you want to maintain HTTPS security throughout the request. (This includes the client to Edge server, then origin to client for delivery.) The SSL certificate name should be the same name as your Property Hostname.