Method 1: Use a publicly trusted certificate authority
Akamai uses Let's Encrypt as our default certificate authority. You can obtain and configure a certificate for your origin from the Let's Encrypt certificate authority, or from other trusted authorities.
To obtain and configure a certificate for your origin from the Let's Encrypt certificate authority, you should follow their instructions. You can also obtain a certificate from another trusted certificate authority, and install it on your origin server. At the time of this publication you could find DigiCert instructions for other trusted authorities:
- If your origin certificate is going to expire soon, you can rotate it (create a new certificate) on your origin without needing to change any Akamai settings.
- If you ever need end users to make requests directly to your origin, their browsers will also trust this certificate.
- Akamai will keep the list of trusted certificate authorities up to date for you.
- You need to rotate a certificate that is close to expiring. If you don't, and it expires, an Edge server will no longer trust it and won't be able to connect to your origin.
Do you need to rotate your certificate?
If your origin certificate is going to expire soon and you need rotate it, you just need to ensure that the new one is also signed by one of the trusted certificate authorities, and that it's valid for the same hostnames.