The CPS user interface and API now give you the option to enable delivery of your client-to-edge traffic using FedRAMP and FIPS-140-2 compliant cryptographic functions. When you enable FIPS mode for your certificates, the Akamai network will present only the FIPS 140-2 validated ciphers within the selected cipher profile to connecting clients. Public and private key pair generation in CPS , after March 1, 2024, always uses FIPS 140-2 validated functions.

To help provide ideal performance, the Certificate Provisioning System (CPS) API is now subject to request rate limiting. The API returns a response with an HTTP status code of 429 if these rate limits are exceeded. See Rate limiting for more information.

On Oct 17, 2023 DigiCert will automatically replace the Norton site seal image with the DigiCert site seal image wherever it appears on websites with Akamai-managed Organization-validated (OV) or Extended-validated (EV) certificates. This change is automatic and no action is required.

Update to the Basic Constraints extension for Organization-validated and Extended-validated certificates

To help provide ideal performance Certificate Provisioning System (CPS) is introducing rate limiting. To ensure these new rate limits don't negatively impact customer performance with CPS, it will be introduced intermittently.
The limits are:

The cross-sign from IdenTrust’s DST Root CA X3 to the Let’s Encrypt ISRG Root X1 certificate will expire in September 2024. To prepare for this expiration, Let’s Encrypt has announced their plans to discontinue use of the cross-sign, and issue all certificates exclusively using their intermediate certificates signed by the ISRG Root X1 certificate.

The Certificate Provisioning System (CPS) application now provides an automatic delay after the manual cancellation of a certificate renewal before starting the next renewal.

The Certificate Provisioning System API Postman collection (beta) is now available! Try the API, build workflows, and stay on top of development changes.

The Certificate Provisioning System (CPS) application now provides users with the ability to control the automatic refresh of the certificates lists on both the "In Progress" and "Active" tabs. For users with a large number of certificates, disabling automatic refresh can be useful when searching for specific certificates or navigating pages.

Akamai now supports both ECDSA and RSA keys for all new and existing third-party certificates provisioned in Certificate Provisioning System (CPS). ECDSA+RSA "dual-stack" capability has been available for Akamai-managed OV and EV certificates since 2017 and is now available for all third-party certificates. This free upgrade is available for Standard TLS and Enhanced TLS hostnames, and is supported in all geographies and regions where Akamai delivers secure traffic. No additional contract line items or entitlements are required.