Use case 3: HTTPS using a cloud partner-owned DNS name: wildcard certificate

Some subcustomers may want to serve content securely using one of your Cloud Partner-managed DNS namespaces.

Value Example
Partner Domain
secure.cloudplatform.net
End-Client-facing Domain CNAME
[sub-customer-prefix].secure.cloudplatform.net {TTL} IN CNAME
secure.cloudplatform-net.edgekey.net
Example End-Client-facing Domains
secure-sub-customer-com.secure.cloudplatform.net
2358c713-a9dad7fd-f838fd35-8c85b331.secure.cloudplatform.net
Complete End-Client CNAME Chain
secure-sub-customer-com.secure.cloudplatform.net. {TTL} IN CNAME
secure.cloudplatform.net.edgekey.net.

secure.cloudplatform-net.edgekey.net. 21600 IN CNAME
a1234.dsce16.akamai.net.

a1234.dsce16.akamai.net. 20 IN A 184.24.175.127

In this example, let's assume that you operate one or more Cloud Partner infrastructure domains where each subcustomer is given a unique prefix, for example:

{sub-customer-prefix}.secure.cloudplatform.net

To configure secure delivery, we deploy a separate certificate, in which the Common Name (CN) is a wildcard DNS name *.secure.cloudplatform.net, and the Akamai Secure Edge Hostname CNAME, secure.cloudplatform.net.edgekey.net is provisioned to ensure that the correct certificate is returned to the End-Client.

The Akamai server requires a separate DNS hostname to use as origin. The origin- prefix method works, as well as the practice of creating an origin behavior for each subcustomer as shown in the examples for Use case 1: HTTP-only, using a partner-owned DNS name.

For subcustomers that provision their own certificates (non-recognized CA or even self-signed certificates), the integration requires that you use Akamai Control Center (or the Property Manager API) to configure the origin certificate and trust chain details individually on behalf of the subcustomer.
Note: This method does not use the ACE API. It requires the Property Manager (PAPI) API. See https://learn.akamai.com/en-us/api/core_features/property_manager/v1.html to properly configure the origin security settings.