Use case 3: HTTPS using a cloud partner-owned DNS name: wildcard certificate

Some subcustomers may want to serve content securely using one of your Cloud Partner-managed DNS namespaces.

Value Example
Partner Domain
End-Client-facing Domain CNAME
[sub-customer-prefix] {TTL} IN CNAME
Example End-Client-facing Domains
Complete End-Client CNAME Chain {TTL} IN CNAME 21600 IN CNAME 20 IN A

In this example, let's assume that you operate one or more Cloud Partner infrastructure domains where each subcustomer is given a unique prefix, for example:


To configure secure delivery, we deploy a separate certificate, in which the Common Name (CN) is a wildcard DNS name *, and the Akamai Secure Edge Hostname CNAME, is provisioned to ensure that the correct certificate is returned to the End-Client.

The Akamai server requires a separate DNS hostname to use as origin. The origin- prefix method works, as well as the practice of creating an origin behavior for each subcustomer as shown in the examples for Use case 1: HTTP-only, using a partner-owned DNS name.

For subcustomers that provision their own certificates (non-recognized CA or even self-signed certificates), the integration requires that you use Akamai Control Center (or the Property Manager API) to configure the origin certificate and trust chain details individually on behalf of the subcustomer.
Note: This method does not use the ACE API. It requires the Property Manager (PAPI) API. See to properly configure the origin security settings.