This table aggregates membership for all versions of the Deployment object.

Versioned schema members

Any object member specific to a range of versions is indicated in its description, at what version the member was either introduced or removed. Any listed data member with no version number is common to all versions of the object.

MemberTypeDescription
Deployment: Deploys your certificate to a network.
certificateStringpre-v6. The certificate text.
multi‚ÄčStacked‚ÄčCertificatesDeployment.‚Äčmulti‚ÄčStacked‚ÄčCertificates[]v6. Deployment may include multiple dual-stacked certificates.
network‚ÄčConfigurationDeployment.‚Äčnetwork‚ÄčConfigurationrequired: Network configuration properties.
ocsp‚ÄčStapledBoolean, Nullv6. OCSP Stapling improves performance by including a valid OCSP response in every TLS handshake. We recommend all customers enable this feature.
ocsp‚ÄčUrisArray, Nullv6. URI used for OCSP stapling validation.
primary‚ÄčCertificateDeployment.‚Äčprimary‚ÄčCertificatev6. Primary certificate of the enrollment.
signature‚ÄčAlgorithmString, Nullpre-v6. The SHA (Secure Hash Algorithm) function. Current values include SHA-1 & SHA-256.
trust‚ÄčChainStringpre-v6. The trust chain text. You may have any number of trust chains.
Deployment.multi‚ÄčStacked‚ÄčCertificates[]: Deployment may include multiple dual-stacked certificates.
certificateStringv6. The certificate text.
expiryString, Nullv6. The expiration date for the certificate.
key‚ÄčAlgorithmEnumeration, Nullv7. The key algorithm of the certificate.
signature‚ÄčAlgorithmEnumeration, Nullv6. The SHA (Secure Hash Algorithm) function. Current values include SHA-1 & SHA-256.
trust‚ÄčChainStringv6. The trust chain for the certificate.
Deployment.network‚ÄčConfiguration: Network configuration properties.
disallowed‚ÄčTls‚ÄčVersionsArray, Nullv2. Disallowed TLS protocols.
dns‚ÄčNamesArray, Nullv6. Names served by SNI-only enabled enrollments.
geographyEnumeration, Enumv3. Type of the network that you want to deploy your certificate. core is worldwide (includes China and Russia). china+core is worldwide and China. russia+core is worldwide and Russia.
must‚ÄčHave‚ÄčCiphersString, NullCiphers that you definitely want to include for your enrollment while deploying it on the network. Defaults to ak-akamai-default when it is not set.
network‚ÄčTypeString, Nullpre-v3. Type of the network that you want to deploy your certificate in, either standard-worldwide, worldwide-russia, or worldwide.
ocsp‚ÄčStaplingString, Nullv6. OCSP stapling setting for the deployment.
preferred‚ÄčCiphersString, NullCiphers that you preferably want to include for your enrollment while deploying it on the network. Defaults to ak-akamai-default when it is not set.
quic‚ÄčEnabledBooleanv6. QUIC transport layer network protocol.
secure‚ÄčNetworkString, Enumv3. The type of deployment network you want to use. Specify Standard TLS as the enum standard-tls to deploy your certificate to Akamai's standard secure network. It is not PCI compliant. Specify Enhanced TLS as the enum enhanced-tls to deploy your certificate to Akamai's more secure network with PCI compliance capability.
sniDeployment.‚Äčnetwork‚ÄčConfiguration.‚Äčsni, Nullpre-v6. SNI settings for your enrollment. When set to null, the enrollment becomes non-SNI. When it is non-null, enrollment is SNI-only. This setting cannot be changed once an enrollment is created.
sni‚ÄčOnlyBooleanv6. Server Name Indication (SNI) is an extension of the Transport Layer Security (TLS) networking protocol. It allows a server to present multiple certificates on the same IP address. All modern web browsers support the SNI extension. If you have the same SAN on two or more certificates with the SNI-only option set, Akamai may serve traffic using any certificate which matches the requested SNI hostname. You should avoid multiple certificates with overlapping SAN names when using SNI-only.
Deployment.network‚ÄčConfiguration.sni: SNI settings for your enrollment. When set to null, the enrollment becomes non-SNI. When it is non-null, enrollment is SNI-only. This setting cannot be changed once an enrollment is created.
clone‚ÄčDns‚ÄčNamesBooleanpre-v6. Enable if you want CPS to direct traffic using all the SANs listed in the SANs parameter when you created your enrollment.
dns‚ÄčNamesArray, Nullpre-v6. Names served by SNI-only enabled enrollments.
Deployment.primary‚ÄčCertificate: Primary certificate of the enrollment.
certificateStringv6. The certificate text.
expiryString, Nullv6. The expiration date for the certificate.
key‚ÄčAlgorithmEnumeration, Nullv7. The key algorithm of the certificate.
signature‚ÄčAlgorithmEnumeration, Nullv6. The SHA (Secure Hash Algorithm) function. Current values include SHA-1 & SHA-256.
trust‚ÄčChainStringv6. The trust chain for the certificate.

Sample v3 object

This version includes geographical locations and security options for the network where you deploy certificates. It uses this MIME type:

application/vnd.akamai.cps.deployment.v3+json
{
    "certificate": "-----BEGIN CERTIFICATE-----\nMIID2 ... <sample - removed for readability> .... ZlSw==\n-----END CERTIFICATE-----",
    "signatureAlgorithm": "SHA-256",
    "trustChain": "-----BEGIN CERTIFICATE-----\nMIIDT ... <sample - removed for readability> .... JuAIQ=\n-----END CERTIFICATE-----",
    "networkConfiguration": {
        "geography": "standard-worldwide",
        "mustHaveCiphers": "ak-akamai-default2016q3",
        "preferredCiphers": "ak-akamai-default",
        "secureNetwork": "enhanced-tls",
        "disallowedTlsVersions": [],
        "sni": {
            "cloneDnsNames": true,
            "dnsNames": [
                "san2.example.com",
                "san1.example.com"
            ]
        }
    }
}

Sample v7 object

This version includes both certificate types (RSA and ECDSA) and chains information. It uses this MIME type:

application/vnd.akamai.cps.deployment.v7+json
{
    "production": {
        "multiStackedCertificates": [
            {
                "certificate": "-----BEGIN CERTIFICATE-----\nMIID2 ... <sample - removed for readability> .... ZlSw==\n-----END CERTIFICATE-----",
                "expiry": "2019-06-10T12:00:00Z",
                "keyAlgorithm": "ECDSA",
                "signatureAlgorithm": "SHA-256",
                "trustChain": "-----BEGIN CERTIFICATE-----\nMIIDT ... <sample - removed for readability> .... JuAIQ=\n-----END CERTIFICATE-----"
            }
        ],
        "networkConfiguration": {
            "disallowedTlsVersions": [],
            "dnsNames": [
                "san2.example.com",
                "san1.example.com"
            ],
            "geography": "core",
            "mustHaveCiphers": "ak-akamai-default-2017q3",
            "ocspStapling": "not-set",
            "preferredCiphers": "ak-akamai-default-2017q3",
            "quicEnabled": false,
            "secureNetwork": "standard-tls",
            "sniOnly": true
        },
        "ocspStapled": true,
        "ocspUris": [
            "http://ocsp.example.com"
        ],
        "primaryCertificate": {
            "certificate": "-----BEGIN CERTIFICATE-----\nMIID2 ... <sample - removed for readability> .... ZlSw==\n-----END CERTIFICATE-----",
            "expiry": "2019-06-10T12:00:00Z",
            "keyAlgorithm": "RSA",
            "signatureAlgorithm": "SHA-256",
            "trustChain": "-----BEGIN CERTIFICATE-----\nMIIDT ... <sample - removed for readability> .... JuAIQ=\n-----END CERTIFICATE-----"
        }
    },
    "staging": {
        "multiStackedCertificates": [
            {
                "certificate": "-----BEGIN CERTIFICATE-----\nMIID2 ... <sample - removed for readability> .... ZlSw==\n-----END CERTIFICATE-----",
                "expiry": "2019-06-10T12:00:00Z",
                "keyAlgorithm": "ECDSA",
                "signatureAlgorithm": "SHA-256",
                "trustChain": "-----BEGIN CERTIFICATE-----\nMIIDT ... <sample - removed for readability> .... JuAIQ=\n-----END CERTIFICATE-----"
            }
        ],
        "networkConfiguration": {
            "disallowedTlsVersions": [],
            "dnsNames": [
                "san2.example.com",
                "san1.example.com"
            ],
            "geography": "core",
            "mustHaveCiphers": "ak-akamai-default-2017q3",
            "ocspStapling": "not-set",
            "preferredCiphers": "ak-akamai-default-2017q3",
            "quicEnabled": false,
            "secureNetwork": "standard-tls",
            "sniOnly": true
        },
        "ocspStapled": true,
        "ocspUris": [
            "http://ocsp.example.com"
        ],
        "primaryCertificate": {
            "certificate": "-----BEGIN CERTIFICATE-----\nMIID2 ... <sample - removed for readability> .... ZlSw==\n-----END CERTIFICATE-----",
            "expiry": "2019-06-10T12:00:00Z",
            "keyAlgorithm": "RSA",
            "signatureAlgorithm": "SHA-256",
            "trustChain": "-----BEGIN CERTIFICATE-----\nMIIDT ... <sample - removed for readability> .... JuAIQ=\n-----END CERTIFICATE-----"
        }
    }
}