Determine the level of security
Before you set up your connections, you need to determine the level of delivery security you need.
For a while now, we have offered HTTPS support for delivery, via one of two use cases:
- Shared certificate method. Objects and media are delivered over a "shared" certificate (using the applicable Edge hostname suffix: “a248.e.akamai.net”, “*.akamaihd.net”, or “*.akamaized.net”).
- Custom certificate method. A custom certificate is created and lives on an “SSL network” designed to meet the high security needs of online ecommerce, banking, healthcare, and other regulated industries. This incorporates both of the TLS methods—Enhanced and Standard—discussed below.
HTTPS is on its way to being the standard for the delivery of sites and content. To accommodate this, we have refactored our HTTPS and TLS features.
| Supported Delivery Method | Description |
|---|---|
| Enhanced TLS (formerly “HTTPS Option”, “HTTPS Custom Cert” or “SSL Network”) | This provides a rich set of TLS, HTTPS, and security functionality engineered to meet the needs of sites and content with high-assurance security requirements, such as FedRAMP and PCI compliance. It also supports custom or very old clients that do not send a TLS SNI header, which requires a VIP-hosted certificate. |
| Standard TLS | This enables the delivery of sites, content, and video streaming over HTTPS using customer-branded certificates as a standard feature of delivery and performance products. It is secure (HTTPS L1), but not as rigorous as Enhanced TLS certificate delivery. (Standard TLS is not FedRAMP or PCI compliant, but it is Sarbanes-Oxley (SOX) and International Standards Organization (ISO) compliant.) So, if you're looking for secure delivery, but are not transferring personally identifiable information (PII), Standard TLS could work for you. |
| Shared certificate | This enables the delivery of objects, downloads, and video streaming over HTTPS, without the need to provision and manage a certificate. However, it does require that you use a hostname under an Akamai-owned domain such as “example.akamaized.net” or “example-a.akamaihd.net”. |
| HTTP-only | This provides non-secure delivery, in plaintext. |
- Make way for HTTPS - Google Chrome marks all HTTP sites as "NOT SECURE" (This blog entry discusses how Google is handling secure and non-secure sites.)
- Reaching toward universal TLS SNI (This blog entry discusses the increase in the use of Server Name Indication with Transport Layer Security.)