You need an Edge certificate
You use Akamai Control Center to create or access an edge certificate. This way, the private key remains secure within the Akamai platform and is never transmitted or stored outside it, where it could be intercepted.
There are multiple ways to create this certificate.
Use the Akamai Shared Certificate
We offer a proprietary shared certificate known as the "Akamai Shared Cert." This allows you to quickly incorporate secure HTTPS delivery, but has some specific requirements for use.
If you're using this delivery security, you don't need to create a certificate.
Complete details on the use of this certificate method can be found in the Property Manager documentation.
Use a default certificate (Limited Availability)
This lets you easily create and provision a certificate directly in Property Manager when you're adding a hostname to a property. It supports both Enhanced TLS and Standard TLS security.
If you're using this method, you don't need to create the certificate beforehand.
Complete details on the use of this certificate method can also be found in the Property Manager documentation.
Manually create the certificate
If you'd rather create the certificate manually, you can use the Certificate Provisioning System (CPS) in Akamai Control Center. All certificates created in CPS are signed by a Certificate Authority (CA) that is known to be trusted by every major browser or operating system.
Don't create a certificate while creating the association
When using the Property Manager Editor to create the property hostname to Edge hostname association, you can create a custom edge certificate, but we recommend against this. You need to wait for the certificate to complete provisioning before you can finish the property. You'll more than likely have to abort the property setup process if the certificate takes too long to provision.
To avoid this break in the process, create the certificate first, using the process covered here.
How to create the certificate
Follow the steps here to create a new certificate.
- Select the appropriate Control Center Account—one with administrator-level access to create and manage certificates. Use the top-right pull-down in the header to select the account.
- Open the application. Go to .
- Click Create New Certificate.
- Select the appropriate Validation Type. Keep in mind that the more extensive the level of validation, the longer it takes to provision the certificate.
- In 3 - Enter Certificate Information, input the appropriate vanity hostname as the
- If you're creating a new property in Property Manager: Input a desired hostname that best applies to your configuration. All vanity domain names used to access your site or application must be included as a CN (or optionally a SAN). Input the complete name—you can't use wildcards.
- If you're migrating from an existing property: Input your existing vanity domain name. Note: If migrating, you can input your existing vanity domain name in the Subject Alternative Name (SAN) field instead.
- In addition to any CN values you've set in the certificate, you can also input SANs. These are additional hostnames that may be used to access your site or app. Unlike a CN, a SAN can use wildcards. For example, if www.mysite.* is set as a SAN, the certificate is trusted for a request to www.mysite.com and www.mysite.new.com.
- Input Company Information as necessary.
- In 5 - Enter Contact Information, input details here as necessary. (You want to include proper information to ensure the right individual can be contacted quickly if there's a problem.)
- In 6 - Select Network settings, apply the following:
- Network: Choose the appropriate level of security.
- Standard TLS. This is a secure certificate (HTTPS L1), but it is not as rigorous as Enhanced TLS certificate delivery. (Standard TLS is not FedRAMP or PCI compliant, but it is Sarbanes-Oxley (SOX) and International Standards Organization (ISO) compliant.) So, if you're looking for secure delivery, but are not transferring personally identifiable information (PII), Standard TLS could work for you.
- Enhanced TLS. This provides a rich set of TLS, HTTPS and security functionality engineered to meet the needs of sites and content with high-assurance security requirements, such as PCI or FedRAMP compliance. It also supports custom or very old clients that do not send a TLS SNI header, which requires a VIP hosted certificate.
- SNI-Only. Choose Enable.
- Deployment Network: Choose the appropriate level of security.
- Review and confirm creation of the certificate.
How long does it take for the certificate to provision?
The time it takes can vary, based on all of the settings you've applied for the certificate. Typically, a certificate with Domain Validation and Standard TLS applied can take 60 minutes to provision, but an Enhanced TLS certificate can take considerably longer, ranging from three to six hours.
The Control Center user account that created the certificate will receive an email when the certificate has completed provisioning.
More information on certificates
The CPS user documentation offers several topics of extended information on certificates, including the following:
- The CPS Workflow
- What is a Certificate?
- What is a Certificate Authority?
This can all be found in the online help from the CPS UI, as well as in its documentation on learn.akamai.com.