The Certificate Provisioning System (CPS) provides full life cycle management of SSL/TLS certificates for your Akamai Secure Delivery Network applications. This includes ability to request new certificates, modify existing certificates, automatically renew certificates, and delete certificates. CPS also manages key Transport Layer Security (TLS) configurations, including cipher selection.

You can use this API as part of setting a secure website to ensure that the delivery of content to and from that site is secure. The SSL/TLS certificates that CPS provides authenticate the secure connection that the browser makes during secure delivery. CPS generates and secures the private key of each certificate.


CPS no longer supports provisioning new GeoTrust certificates. Existing GeoTrust certificates will continue to be supported. Organizational Validation (OV) and Extended Validation (EV) certificates are exclusively Symantec Secure Site Pro certificates (validated and issued by DigiCert).


The CPS API now supports UTF-8/16.

Who should use this API

Most common users of CPS API are developers and architects. By leveraging CPS API, users can request new certificates, modify existing certificates, and delete certificates. To use this API effectively, you must be familiar with the process for obtaining and managing certificates. To use this API, you should be familiar with the terminology and concepts specific to the Akamai Control Center.

You can use the CPS API together with the Property Manager API (PAPI). While the CPS API provides a mechanism to provision and manage certificates, PAPI is used to provision and manage secure edge hostnames.

Developers using this API should be familiar with:

  • SSL/TLS certificates
  • Certificate authorities (CAs)
  • How Akamai obtains certificates on the requester's behalf, which includes the generation of public/private key pairs and certificate signing requests (CSRs).
  • DNS

If you have questions about these concepts, contact your Akamai account representative.



Brand-new to Certificate Provisioning System?

The tutorial below can only be completed once you have set up your identity and access with Akamai. For a detailed tutorial of that onboarding process, see Get started.

TutorialSummaryLink to documentation
Create a domain-validated (DV) certificateA domain-validated certificate will determine if your company has control of the domains listed in your certificate. This is the simplest validation method but also has the shortest expiration date (90 days) which means you'll have to renew your certificate more frequently. However, this certificate renewal process can be automated.Use Control Center | Use an API