This table aggregates membership for all versions of the Deployment object.

Versioned schema members

Any object member specific to a range of versions is indicated in its description, at what version the member was either introduced or removed. Any listed data member with no version number is common to all versions of the object.

Member	Type	Description
`Deployment`: Deploys your certificate to a network.
`certificate`	String	pre-v6. The certificate text.
`multiStackedCertificates`	Deployment.multiStackedCertificates[]	v6. Deployment may include multiple dual-stacked certificates.
`networkConfiguration`	Deployment.networkConfiguration	required: Network configuration properties.
`ocspStapled`	Boolean, Null	v6. OCSP Stapling improves performance by including a valid OCSP response in every TLS handshake. Enable this feature for best performance.
`ocspUris`	Array, Null	v6. URI used for OCSP stapling validation.
`primaryCertificate`	Deployment.primaryCertificate	v6. Primary certificate of the enrollment.
`signatureAlgorithm`	String, Null	pre-v6. The SHA (Secure Hash Algorithm) function. Current values include `SHA-1` & `SHA-256`.
`trustChain`	String	pre-v6. The trust chain text. You may have any number of trust chains.
`Deployment.multiStackedCertificates[]`: Deployment may include multiple dual-stacked certificates.
`certificate`	String	v6. The certificate text.
`expiry`	String, Null	v6. The expiration date for the certificate.
`keyAlgorithm`	Enumeration, Null	v7. The key algorithm of the certificate.
`signatureAlgorithm`	Enumeration, Null	v6. The SHA (Secure Hash Algorithm) function. Current values include `SHA-1` & `SHA-256`.
`trustChain`	String	v6. The trust chain for the certificate.
`Deployment.networkConfiguration`: Network configuration properties.
`disallowedTlsVersions`	Array, Null	v2. Disallowed TLS protocols.
`dnsNames`	Array, Null	v6. Names served by SNI-only enabled enrollments.
`geography`	Enumeration, Enum	v3. Type of the network that you want to deploy your certificate. `core` is worldwide (includes China and Russia). `china+core` is worldwide and China. `russia+core` is worldwide and Russia.
`mustHaveCiphers`	String, Null	Ciphers that you definitely want to include for your enrollment while deploying it on the network. Defaults to `ak-akamai-default` when it is not set.
`networkType`	String, Null	pre-v3. Type of the network that you want to deploy your certificate in, either `standard-worldwide`, `worldwide-russia`, or `worldwide`.
`ocspStapling`	String, Null	v6. OCSP stapling setting for the deployment.
`preferredCiphers`	String, Null	Ciphers that you preferably want to include for your enrollment while deploying it on the network. Defaults to `ak-akamai-default` when it is not set.
`quicEnabled`	Boolean	v6. QUIC transport layer network protocol.
`secureNetwork`	String, Enum	v3. The type of deployment network you want to use. Specify Standard TLS as the enum `standard-tls` to deploy your certificate to Akamai's standard secure network. It is not PCI compliant. Specify Enhanced TLS as the enum `enhanced-tls` to deploy your certificate to Akamai's more secure network with PCI compliance capability.
`sni`	Deployment.networkConfiguration.sni, Null	pre-v6. SNI settings for your enrollment. When set to null, the enrollment becomes non-SNI. When it is non-null, enrollment is SNI-only. This setting cannot be changed once an enrollment is created.
`sniOnly`	Boolean	v6. Server Name Indication (SNI) is an extension of the Transport Layer Security (TLS) networking protocol. It allows a server to present multiple certificates on the same IP address. All modern web browsers support the SNI extension. If you have the same SAN on two or more certificates with the SNI-only option set, Akamai may serve traffic using any certificate which matches the requested SNI hostname. You should avoid multiple certificates with overlapping SAN names when using SNI-only.
`fipsMode`	Boolean	v12. Enables Federal Information Processing Standards (FIPS) for the enrollment. In this mode, Akamai edge servers present only those cipher suites from the selected cipher profile that have been validated for FIPS 140-2. Cipher suites that have not been validated for FIPS 140-2 are not presented to active clients, even if those suites are listed as part of the selected cipher profile. To ensure end-to-end FIPS-validated traffic on Akamai’s network for your applications that require FIPS certification, you need to also enable this setting in Property Manager for the property. FIPS mode requires that TLS 1.2, TLS 1.3, or both are enabled on the certificate. You can’t list these TLS versions as disabled in the `disallowedTlsVersions` deployment object. An active (non-deprecated) cipher profile needs to be used for both `mustHaveCiphers` and `preferredCiphers` when FIPS mode is enabled. Enabling FIPS mode will disable the QUIC protocol for this certificate. For details, see Update SSL/TLS cipher profiles .
`Deployment.networkConfiguration.sni`: SNI settings for your enrollment. When set to null, the enrollment becomes non-SNI. When it is non-null, enrollment is SNI-only. This setting cannot be changed once an enrollment is created.
`cloneDnsNames`	Boolean	pre-v6. Enable if you want CPS to direct traffic using all the SANs listed in the SANs parameter when you created your enrollment.
`dnsNames`	Array, Null	pre-v6. Names served by SNI-only enabled enrollments.
`Deployment.primaryCertificate`: Primary certificate of the enrollment.
`certificate`	String	v6. The certificate text.
`expiry`	String, Null	v6. The expiration date for the certificate.
`keyAlgorithm`	Enumeration, Null	v7. The key algorithm of the certificate.
`signatureAlgorithm`	Enumeration, Null	v6. The SHA (Secure Hash Algorithm) function. Current values include `SHA-1` & `SHA-256`.
`trustChain`	String	v6. The trust chain for the certificate.

Sample v3 object

This version includes geographical locations and security options for the network where you deploy certificates. It uses this MIME type:

application/vnd.akamai.cps.deployment.v3+json

{
    "certificate": "-----BEGIN CERTIFICATE-----\nMIID2 ... <sample - removed for readability> .... ZlSw==\n-----END CERTIFICATE-----",
    "signatureAlgorithm": "SHA-256",
    "trustChain": "-----BEGIN CERTIFICATE-----\nMIIDT ... <sample - removed for readability> .... JuAIQ=\n-----END CERTIFICATE-----",
    "networkConfiguration": {
        "geography": "standard-worldwide",
        "mustHaveCiphers": "ak-akamai-default2016q3",
        "preferredCiphers": "ak-akamai-default",
        "secureNetwork": "enhanced-tls",
        "disallowedTlsVersions": [],
        "sni": {
            "cloneDnsNames": true,
            "dnsNames": [
                "san2.example.com",
                "san1.example.com"
            ]
        }
    }
}

Sample v7 object

This version includes both certificate types (RSA and ECDSA) and chains information. It uses this MIME type:

application/vnd.akamai.cps.deployment.v7+json

{
    "production": {
        "multiStackedCertificates": [
            {
                "certificate": "-----BEGIN CERTIFICATE-----\nMIID2 ... <sample - removed for readability> .... ZlSw==\n-----END CERTIFICATE-----",
                "expiry": "2019-06-10T12:00:00Z",
                "keyAlgorithm": "ECDSA",
                "signatureAlgorithm": "SHA-256",
                "trustChain": "-----BEGIN CERTIFICATE-----\nMIIDT ... <sample - removed for readability> .... JuAIQ=\n-----END CERTIFICATE-----"
            }
        ],
        "networkConfiguration": {
            "disallowedTlsVersions": [],
            "dnsNames": [
                "san2.example.com",
                "san1.example.com"
            ],
            "geography": "core",
            "mustHaveCiphers": "ak-akamai-default-2017q3",
            "ocspStapling": "not-set",
            "preferredCiphers": "ak-akamai-default-2017q3",
            "quicEnabled": false,
            "secureNetwork": "standard-tls",
            "sniOnly": true
        },
        "ocspStapled": true,
        "ocspUris": [
            "http://ocsp.example.com"
        ],
        "primaryCertificate": {
            "certificate": "-----BEGIN CERTIFICATE-----\nMIID2 ... <sample - removed for readability> .... ZlSw==\n-----END CERTIFICATE-----",
            "expiry": "2019-06-10T12:00:00Z",
            "keyAlgorithm": "RSA",
            "signatureAlgorithm": "SHA-256",
            "trustChain": "-----BEGIN CERTIFICATE-----\nMIIDT ... <sample - removed for readability> .... JuAIQ=\n-----END CERTIFICATE-----"
        }
    },
    "staging": {
        "multiStackedCertificates": [
            {
                "certificate": "-----BEGIN CERTIFICATE-----\nMIID2 ... <sample - removed for readability> .... ZlSw==\n-----END CERTIFICATE-----",
                "expiry": "2019-06-10T12:00:00Z",
                "keyAlgorithm": "ECDSA",
                "signatureAlgorithm": "SHA-256",
                "trustChain": "-----BEGIN CERTIFICATE-----\nMIIDT ... <sample - removed for readability> .... JuAIQ=\n-----END CERTIFICATE-----"
            }
        ],
        "networkConfiguration": {
            "disallowedTlsVersions": [],
            "dnsNames": [
                "san2.example.com",
                "san1.example.com"
            ],
            "geography": "core",
            "mustHaveCiphers": "ak-akamai-default-2017q3",
            "ocspStapling": "not-set",
            "preferredCiphers": "ak-akamai-default-2017q3",
            "quicEnabled": false,
            "secureNetwork": "standard-tls",
            "sniOnly": true
        },
        "ocspStapled": true,
        "ocspUris": [
            "http://ocsp.example.com"
        ],
        "primaryCertificate": {
            "certificate": "-----BEGIN CERTIFICATE-----\nMIID2 ... <sample - removed for readability> .... ZlSw==\n-----END CERTIFICATE-----",
            "expiry": "2019-06-10T12:00:00Z",
            "keyAlgorithm": "RSA",
            "signatureAlgorithm": "SHA-256",
            "trustChain": "-----BEGIN CERTIFICATE-----\nMIIDT ... <sample - removed for readability> .... JuAIQ=\n-----END CERTIFICATE-----"
        }
    }
}