CPS workflow

Before you begin

Set up a secure property.

When you need to provision a certificate using CPS, follow the general workflow outlined here. The following image shows the CPS workflow at a high level.

How to

  1. Collect all the information you need to get a certificate.

    This includes the name, address, and phone number of your organization; contact information for someone at your company; and a representative from ​Akamai​.

  2. Create the certificate signing request (CSR).

    You must use CPS to create a request for a certificate from your CA. CPS generates and stores the private key for the certificate when you create the request.

  3. Submit the CSR.

    CPS submits the certificate request to the certificate authority (CA) for signing.

  4. Validate the certificate.

    The CA validates the certificate request.

  5. Issue the certificate.

    The CA signs and issues the certificate.

  6. Retrieve the certificate.

    CPS automatically retrieves the certificate and verifies that it is the correct certificate. CPS also checks to see if everything you submitted in the CSR is still the same as when you submitted it, and warns you if there are differences. You have the opportunity to review and accept any warnings before the certificate deploys.

  7. Deploy to staging.

    CPS deploys the received certificate to the staging network for testing.

  8. If you enable Always Test on Staging, you have the opportunity to review and test your certificate on staging. Once testing is complete, you can acknowledge the change and then CPS can push it to production.


    If Always Test on Staging and a deployment date are both set, then both need to be completed before the certificate pushes to production. Seven days prior to the expiration of the currently deployed certificate, CPS pushes any certificate that is ready on staging straight to production unless a deployment date is specified.

  9. Check for a scheduled date before which CPS cannot deploy the certificate.

    CPS checks whether or not you set a date and time before which CPS will not deploy the certificate to production. If you set this information, CPS waits until after the date and time to deploy the certificate. If you did not set this information, CPS automatically deploys the certificate to the production network.

  10. Deploy the certificate.

    CPS deploys the certificate on the production network.

  11. Renew the certificate.

    Most certificates expire a year from the date the CA issued it. CPS automatically restarts these steps to renew the certificate 60 days (16 days for a DV certificate) before it expires.