Here, we'll walk you through how to create a domain-validated certificate enrollment that uses Let's Encrypt as the certificate authority and Akamai's secure Standard TLS network. This is relatively easy to set up, it's available to all Akamai delivery customers, and it applies to most delivery scenarios.
You need a technical contact outside your organization. This should be the person from your Akamai account team that you work closest with. Both your local administrator contact and this technical contact will receive communications while the certificate is being validated. Talk to your Akamai account team to get:
- A first and last name
- A valid, Akamai domain email address
- A phone number
Reach out to your Akamai account team for help with this.
A certificate enrollment is one of the many "objects" that you create and manage via your Akamai contract. To create a new enrollment, you need the unique identifier that Akamai generates for your contract. You can get this value using the list contract operation in PAPI.
Now, you can use the CPS API to generate a new enrollment. Use the contractId provided by the response from the Get your contractId call in PAPI.
At this phase, you need the certificate authority (Let's Encrypt) to validate your enrollment request. There are a few ways you can do this, but they require interaction with your DNS. The method we cover here is self-service. You'll apply a token in a file and add it to your site or app.
Any operation that updates or creates something in the CPS API is referred to as a "change." Here, you review the change that was created for your enrollment and store some data from the response. You'll use this data to add the tokens used for validation.
Use the values you stored from the Get a change operation to create an HTML file and store it on your site:
- responseBody. Use a text editor to create a file and include this as the content of the file.
- token. This is the name of the file. Save it using the
- fullPath. Note the subdirectories after the domain. Create this same path on your site and save the HTML file you created in this path.
If you've included multiple domains (SANs) in your enrollment, repeat this same process for each one.
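The file-placement steps above, written as an added Python example (not Akamai's code, and not from the original page). The record layout, the sample values, and the function names are assumptions made for illustration; the example also assumes the path in fullPath either ends in the token or stops at its directory, and it refuses any fullPath that points at another host or outside the web root.

```python
import tempfile
from pathlib import Path, PurePosixPath
from urllib.parse import urlsplit

# Constructed sample: the fields this page names plus the domain; values are placeholders.
SAMPLE_CHALLENGES = [
    {"domain": "www.example.com", "token": "constructed-token-1",
     "fullPath": "http://www.example.com/.well-known/acme-challenge/constructed-token-1",
     "responseBody": "constructed-token-1.constructed-thumbprint"},
    {"domain": "shop.example.com", "token": "constructed-token-2",
     "fullPath": "http://shop.example.com/.well-known/acme-challenge/constructed-token-2",
     "responseBody": "constructed-token-2.constructed-thumbprint"},
]


def target_path(webroot: Path, challenge: dict) -> Path:
    """Map fullPath to a file under webroot, rejecting anything unexpected."""
    url = urlsplit(challenge["fullPath"])
    if url.hostname != challenge["domain"].lower():
        raise ValueError(f"fullPath host {url.hostname!r} is not the enrolled domain")
    rel = PurePosixPath(url.path.lstrip("/"))
    if rel.name != challenge["token"]:  # assumption: path may stop at the directory
        rel = rel / challenge["token"]
    if rel.is_absolute() or ".." in rel.parts:
        raise ValueError(f"unsafe path derived from fullPath: {url.path!r}")
    return webroot.joinpath(*rel.parts)


def publish(webroot: Path, challenges: list) -> list:
    """Write one validation file per domain (SAN) and return the paths written."""
    written = []
    for challenge in challenges:
        path = target_path(webroot, challenge)
        path.parent.mkdir(parents=True, exist_ok=True)
        path.write_text(challenge["responseBody"], encoding="utf-8")
        written.append(path)
    return written


def demo() -> list:
    """Publish the constructed challenges into a throwaway web root."""
    with tempfile.TemporaryDirectory() as tmp:
        paths = publish(Path(tmp), SAMPLE_CHALLENGES)
        return [(p.relative_to(tmp).as_posix(), p.read_text(encoding="utf-8")) for p in paths]


if __name__ == "__main__":
    print(demo())
```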
The last phase is automated. CPS will periodically check for the tokens on your site and ask Let's Encrypt to complete the validation. Once this happens, the administrator you set up when you created your enrollment will receive an email confirmation.
You're ready to go!
While it works for this basic tutorial, a domain-validated Standard TLS certificate may not fit your needs.
Do requests for your content require the exchange of personally identifiable information (PII)? If they do, you’ll need the heightened protection offered with Enhanced TLS.
This is a separate method that automates the creation of a secure certificate, either Standard TLS or Enhanced TLS. Currently, it’s in limited availability.
Secure hypertext transfer protocol (HTTPS) has become the standard for access on the Internet. While non-secure HTTP is still supported, it's not recommended.