Method 2: Specify a certificate authority

You can specify which certificate authorities you want Akamai to trust for your site. This can even be a certificate authority that you set up yourself.

How to

You need to provision an origin certificate using that certificate authority, and install it on your origin server. If you want to set up your own certificate authority and sign the origin certificate yourself, you can do that using multiple tools:

Next, you need to install that certificate on your origin server, in much the same way as you'd install a certificate from any other certificate authority. (For example, you can use the DigiCert instructions for Apache or Nginx.)

Advantages

  • If your origin certificate is going to expire soon, you can rotate it (create a new certificate) on your origin without needing to change any Akamai settings.

Disadvantages

  • If any of the trusted certificate authorities are compromised, your site may be vulnerable until you remove that certificate authority from your custom trusted list.
  • If the certificate authority itself is going to expire soon, you'll need to rotate it. Rotating it also involves changing various Akamai-related settings. If you don't, and it expires, an Edge server will no longer trust it and won't be able to connect to your origin.
  • You need to rotate a certificate that is close to expiring. If you don't, and it expires, an Edge server will no longer trust it and won't be able to connect to your origin.

Do you need to rotate your certificate?

If your certificate authority is going to expire soon and you need a new one, create a new certificate that is signed by the new certificate authority, then rotate the certificate.
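The "How to" steps and the rotation points above can be sketched with the OpenSSL command line. This is an added example, not Akamai's own tooling: it creates a private certificate authority, signs an origin certificate with it, confirms the certificate chains to that authority, and flags whichever certificate expires inside a chosen window. The host name `origin.example.com`, the file names, the lifetimes and the 45-day window are assumptions.

```shell
#!/bin/sh
# Added example: private CA, origin certificate, chain check, expiry check.
# Host name, file names and lifetimes are constructed for illustration.
set -eu

# make_ca DIR DAYS: self-signed CA key and certificate in DIR.
make_ca() {
    cat > "$1/ca.cnf" <<'EOF'
[req]
distinguished_name = dn
x509_extensions = v3_ca
prompt = no
[dn]
CN = Example Origin CA
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
EOF
    openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days "$2" \
        -config "$1/ca.cnf" -keyout "$1/ca.key" -out "$1/ca.crt" 2>/dev/null
}

# sign_origin DIR HOST DAYS: new origin key and certificate signed by DIR's CA.
sign_origin() {
    openssl req -new -newkey rsa:2048 -nodes -config "$1/ca.cnf" -subj "/CN=$2" \
        -keyout "$1/origin.key" -out "$1/origin.csr" 2>/dev/null
    printf 'basicConstraints=CA:FALSE\nsubjectAltName=DNS:%s\nextendedKeyUsage=serverAuth\n' \
        "$2" > "$1/origin.ext"
    openssl x509 -req -sha256 -days "$3" -in "$1/origin.csr" \
        -CA "$1/ca.crt" -CAkey "$1/ca.key" -CAcreateserial \
        -extfile "$1/origin.ext" -out "$1/origin.crt" 2>/dev/null
}

# chain_ok CA_CERT LEAF_CERT: succeeds only if LEAF_CERT chains to CA_CERT.
chain_ok() { openssl verify -CAfile "$1" "$2" >/dev/null 2>&1; }

# needs_rotation CERT DAYS: succeeds if CERT expires within DAYS days.
needs_rotation() { ! openssl x509 -in "$1" -noout -checkend "$(( $2 * 86400 ))" >/dev/null; }

work=$(mktemp -d)
trap 'rm -rf "$work"' EXIT
make_ca "$work" 3650
sign_origin "$work" origin.example.com 30   # short-lived on purpose
chain_ok "$work/ca.crt" "$work/origin.crt" && echo "chain: OK"
for c in ca origin; do
    if needs_rotation "$work/$c.crt" 45; then echo "$c: rotate now"
    else echo "$c: valid beyond 45 days"; fi
done
```

Calling `sign_origin` again with a longer lifetime issues a replacement that still verifies against the same `ca.crt`, which is why rotating only the origin certificate needs no change to the trusted authority.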