An enrollment displays all the information about the process that your certificate goes through from the time you request it, through renewal, and as you obtain subsequent versions. CPS is a certificate life cycle management tool. Once you obtain a certificate, you use it until it expires, in most cases a year from the date the CA issued the certificate. CPS automatically starts the renewal process before the old certificate expires, and then automatically deploys the renewed certificate when it receives it from the CA. The CPS workflow is as follows:

  1. Collect certificate details. This includes, the name, address, and phone number of your organization, and contact information for someone at your company and a representative from Akamai.

  2. Create the certificate signing request (CSR). You must use CPS to create a request for a certificate from your CA. CPS stores the private key for the certificate when you create the request.

  3. Pre-verify certificate. CPS may trigger pre-verification warnings that require acknowledgement through the API.

  4. Submit the CSR. CPS submits the certificate request to the certificate authority (CA) of your choice for signing. For Third-Party enrollments, you must call the API to extract the CSR to share with your CA for signing.

  5. Validate the certificate. The CA validates the certificate. For Let's Encrypt, this may involve API calls and validation token configuration.

  6. Issue the certificate. The CA issues the certificate.

  7. Retrieve the certificate. CPS automatically retrieves the certificate and verifies that it is the correct certificate. For Third-Party enrollments, you must use the API to submit a signed certificate and trust chain to CPS.

  8. Post-verify certificate. CPS verifies the certificate against the CSR request, and may trigger post-verification warnings that require acknowledgement through the API.

  9. Confirm change management is enabled. CPS checks whether or not change management is on. If it is on, CPS deploys certificates to the staging network and prompts users to review and acknowledge Change Management before deploying to the production network. If Change Management is off, CPS automatically deploys the certificate to the network.

  10. Check when the certificate may deploy. CPS checks whether or not you set Change.statusInfo.deploymentSchedule to specify when the certificate can deploy, and CPS waits until after the date, if applicable, before deploying the certificate. If you did not set this information, CPS automatically deploys the certificate to the network.

  11. Deploy the certificate. CPS deploys the certificate on the network.

  12. Renew the certificate. CPS automatically restarts these steps to renew the certificate before certificate expires unless you schedule enrollment removal using Remove an Enrollment.

The enrollment should proceed to next steps in the workflow (for example to postverification warnings, if there are any, or change management, and so on.)