This release restores the Event Logger system function in the CPS API. The core functionality of the event logger remains the same. There should be no change to the system's behavior, as provided in early 2024 and beyond.

This release addresses a production bug that resulted in an incorrect live domain acknowledgement for renewal certificates that don't support SANs and didn't modify SANs.

When creating a new certificate in the CPS application, context for contracts under all accessible accounts is now available, regardless of which account is currently logged in to Control Center. This enhancement lets you view and maintain enrollments across contracts under related accounts.

The behavior in the CPS around certificate history and certificate activity data is changing as of October 7th, 2024. For enrollments with six certificates or fewer, the response yields up to twelve years of data per certificate. If there are more than six certificates in the enrollment, the response shows a truncated set. To view all changes or certificates, use the includeAll=true query parameter in the request. For more information, see the documentation.

Updates include:

The cross-sign from IdenTrust’s DST Root CA X3 to the Let’s Encrypt ISRG Root X1 certificate will expire in September 2024. To prepare for this expiration, Let’s Encrypt has announced their plans to discontinue use of the cross-sign, and issue all certificates exclusively using their intermediate certificates signed by the ISRG Root X1 certificate. At the same time, Let’s Encrypt will be introducing new intermediate certificates for both ECDSA and RSA issuance.

This endpoint can be used to monitor your active certificates. With the List active certificates operation, you can view all active certificates on your contract. The request's response object rolls up all of your active certificate's enrollments into a single response. New enrollments, with no active certificates, display null or empty fields as appropriate.

The CPS user interface and API now give you the option to enable delivery of your client-to-edge traffic using FedRAMP and FIPS-140-2 compliant cryptographic functions. When you enable FIPS mode for your certificates, the Akamai network will present only the FIPS 140-2 validated ciphers within the selected cipher profile to connecting clients. Public and private key pair generation in CPS , after March 1, 2024, always uses FIPS 140-2 validated functions.

To help provide ideal performance, the Certificate Provisioning System (CPS) API is now subject to request rate limiting. The API returns a response with an HTTP status code of 429 if these rate limits are exceeded. See Rate limiting for more information.

On Oct 17, 2023 DigiCert will automatically replace the Norton site seal image with the DigiCert site seal image wherever it appears on websites with Akamai-managed Organization-validated (OV) or Extended-validated (EV) certificates. This change is automatic and no action is required.