You need an Edge certificate

You use Akamai Control Center to create or access an edge certificate. This way, the private key remains secure within the Akamai platform and is never transmitted or stored outside it, where it could be intercepted.

There are multiple ways to create this certificate.

Use the Akamai Shared Certificate

We offer a proprietary shared certificate known as the "Akamai Shared Cert." This allows you to quickly incorporate secure HTTPS delivery, but has some specific requirements for use.

If you're using this delivery security, you don't need to create a certificate.

Complete details on the use of this certificate method can be found in the Property Manager documentation.

Use a default certificate (Limited Availability)

This lets you easily create and provision a certificate, directly in Property Manager when you're adding a hostname to a property. It supports both Enhanced TLS and Standard TLS security.

If you're using this method, you don't need to create the certificate beforehand.

Complete details on the use of this certificate method can also be found in the Property Manager documentation.

Note: This is currently in limited availability. Talk to your account representative to see if you can get it added to your contract for use.

Manually create the certificate

If you'd rather create the certificate manually, you can use the Certificate Provisioning System (CPS) in Akamai Control Center. All certificates created in CPS are signed by a Certificate Authority (CA) that is known to be trusted by every major browser or operating system.

Don't create a certificate while creating the association

When using the Property Manager Editor to create the property hostname to edge hostname association, you can create a custom edge certificate, but we recommend against this. You need to wait for the certificate to complete provisioning before you can finish the property. You'll more than likely have to abort the property setup process if the certificate takes too long to provision.



To avoid this break in the process, create the certificate first, using the process covered here.

Note: This applies to Modify Existing Certificates, too. You should edit an existing certificate to use it before you begin creating the association.

How to create the certificate

Follow the steps here to create a new certificate.

Note: These instructions don't cover the full use of CPS, just what's required to create a certificate for this purpose. The UI offers detailed explanations of each set of options, and you can also consult the CPS online help for complete information.
  1. Select the appropriate Control Center Account—one with administrator-level access to create and manage certificates. Use the top-right pull-down in the header to select the account.
  2. Open the application. Go to > CDN > Certificates.
  3. Click Create New Certificate.
  4. Select the appropriate Validation Type. Keep in mind that the more extensive the level of validation, the longer it takes to provision the certificate.
  5. In 3 - Enter Certificate Information, input the appropriate vanity hostname as the Common Name (CN):
    • If you're creating a new property in Property Manager: Input the hostname that best applies to your configuration. All vanity domain names used to access your site or application must be included as a CN (or optionally a SAN). Input the complete name—you can't use wildcards.
    • If you're migrating from an existing property: Input your existing vanity domain name.
      Note: If migrating, you can input your existing vanity domain name in the Subject Alternative Name (SAN) field, instead.
  6. In addition to any CN values you've set in the certificate, you can also input SANs. These are additional hostnames that may be used to access your site or app. Unlike a CN, a SAN can use wildcards. For example, if www.mysite.* is set as a SAN, the certificate is trusted for a request to www.mysite.com and www.mysite.new.com.
  7. Input Company Information as necessary.
  8. In 5 - Enter Contact Information, input details here as necessary. (You want to include proper information to ensure the right individual can be contacted quickly if there's a problem.)
  9. In 6 - Select Network settings, apply the following:
    • Deployment Network: Choose the appropriate level of security.
      • Standard TLS. This is a secure certificate (HTTPS L1), but it is not as rigorous as Enhanced TLS certificate delivery. (Standard TLS is not FedRAMP or PCI compliant, but it is Sarbanes-Oxley (SOX) and International Standards Organization (ISO) compliant.) So, if you're looking for secure delivery but are not transferring personally identifiable information (PII), Standard TLS could work for you.
      • Enhanced TLS. This provides a rich set of TLS, HTTPS and security functionality engineered to meet the needs of sites and content with high-assurance security requirements, such as PCI or FedRAMP compliance. It also supports custom or very old clients that do not send a TLS SNI header, which requires a VIP hosted certificate.
    • SNI-Only. Choose Enable.
  10. Review and confirm creation of the certificate.


How long does it take for the certificate to provision?

The time it takes can vary, based on all of the settings you've applied for the certificate. Typically, a certificate with Domain Validation and Standard TLS applied can take 60 minutes to provision, but an Enhanced TLS certificate can take considerably longer, ranging from three to six hours.

The Control Center user account that created the certificate will receive an email when the certificate has completed provisioning.

More information on certificates

The CPS user documentation offers several topics of extended information on certificates, including the following:

  • The CPS Workflow
  • What is a Certificate?
  • What is a Certificate Authority?

This can all be found in the online help from the CPS UI, as well as in its documentation on learn.akamai.com.