Create an Akamai certificate

A trusted root certificate is required on end-user devices for ETP Proxy to terminate TLS and act as man-in-the-middle for content inspection. This procedure describes how to create a certificate that is signed by Akamai. If your organization has a public key infrastructure in place and already uses a certificate authority (CA), see Create a non-Akamai certificate.

You must be an ETP super administrator to perform this procedure. You can download the certificate in base64 (.pem) or binary (.der) format.

Note: If you use pip and your organization has enabled ETP Proxy, make sure you also add the ETP Proxy TLS man-in-the-middle (MITM) certificate to the pip configuration file. In the pip.conf file, add this entry:
cert = /path/certificate.pem
  • path is the path to the certificate
  • certificate is the name of the certificate

How to

  1. In the Enterprise Center navigation menu, select Certificates > Proxy Certificate.
  2. In the Certificate type area, select Akamai Certificate and click Continue to Next Step.
  3. Click Download Certificate and depending on the certificate format you want to download, select Base64 (.pem) or Binary (.der).
  4. Distribute the certificate as a Trusted Root CA to all devices in your network. To distribute certificates, you can use Windows Group Policy for devices that are joined by domain, mobile device managers for mobile devices, or other desktop management systems.
  5. After the certificate is distributed, click Confirm Distribution.
  6. Click Activate Certificate. A confirmation window appears.
  7. Click Activate. The certificate is now available for use.