Gets an enrollment.

Path Params
integer
required

Enrollment on which to perform the desired operation.

Query Params
string

For customers who manage more than one account, this runs the operation from another account. The Identity and Access Management API provides a list of available account switch keys.

Response

Response body
object
object | null

Contact information for the certificate administrator that you want to use as a contact at your company.

string | null
required

The address of your organization.

string | null
required

The address of your organization.

string | null
required

The city where your organization resides.

string | null
required

The country where your organization resides.

string | null
required

The email address of the administrator who you want to use as a contact at your company.

string | null
required

The first name of the administrator who you want to use as a contact at your company.

string | null
required

The last name of the administrator who you want to use as a contact at your company.

string | null
required

The name of your organization.

string | null
required

The phone number of your organization.

string | null
required

The postal code of your organization.

string | null
required

The region of your organization, typically a state or province.

string | null
required

The title of the administrator who you want to use as a contact at your company.

array of integers | null

Slots where the certificate is either deployed or is already deployed.

assignedSlots
string | null

The specific date on which the renewal automatically starts for the enrollment.

string | null

The kind of certificate trust chain. This is either default or symantec1kroot.

default symantec1kroot

string
required

Either san, single, wildcard, wildcard-san, or third-party. See Enrollment.validationType Values for details.

san single wildcard wildcard-san third-party

boolean
required

Setting this to true for an enrollment stops CPS from deploying the certificate to the network until you acknowledge you're ready to deploy the certificate. You can test the certificate outside of CPS, on the Edge Staging Network (ESN), to make sure it works in your environment, and then deploy the certificate. The ESN is a small network of Akamai edge servers built to simulate Akamai's production network to test most of your site or application functionality with current production version configuration options and functions. For more information on the ESN, see the Edge Staging Network User Guide. You can also contact your account representative with questions or issues with your service on the ESN.

csr
object
required

When you create an enrollment, you also generate a certificate signing request (CSR) using CPS. CPS signs the CSR with the private key. The CSR contains all the information the CA needs to issue your certificate.

string | null

The country code for the country where your organization is located.

string
required
length ≥ 1

The domain name to use for the certificate, also known as the common name. Note that the organization specified as the o needs to own or have legal rights to this domain name.

string | null

Your city in the locality (city).

string | null

The name of your company or organization. Enter the name as it appears in all legal documents and as it appears in the legal entity filing.

string | null

Your organizational unit.

string | null

For the Let's Encrypt Domain Validated (DV) SAN certificates, a preferred trust chain isn't needed. The default value is null. For organization validation (OV) and extended validation (EV) SAN certificates, use these RA and validation type combinations: symantec and ov, geotrust and ov, or symantec and ev. Note that the allowed value derives from the trust-chain call. For entity versions that support preferredTrustChain, the CPS engine rejects null. For entity versions that don't support preferredTrustChain, the CPS engine stores default in the database.

array of strings | null

Additional cn values to create a Subject Alternative Names (SAN) list. If there are no SANs, the response shows an empty list. Removing a SAN list from an enrollment may disrupt your service for TLS connections.

sans
string | null

Your state or province.

boolean
required

Enable Dual-Stacked certificate deployment for this enrollment. The next renewal includes the change. Note that this value is only returned for third-party certificates. Otherwise it's omitted from the response.

string | null

The unique identifier of the enrollment.

string | null

The URI path to the enrollment. The last segment of the URI path serves as a unique identifier for the enrollment.

integer | null
≥ 0

Maximum number of SAN names supported for this enrollment type.

integer | null
≥ 0

Maximum number of Wildcard SAN names supported for this enrollment type.

networkConfiguration
object
required

Settings that specify any network information and TLS Metadata you want CPS to use to push the completed certificate to the network.

object | null

The configuration for client mutual authentication. Specifies the trust chain that verifies client certificates and some configuration options.

array of strings | null

Specify the TLS protocol versions you want to disallow.

disallowedTlsVersions
object | null

DNS name settings.

boolean | null

Enables Federal Information Processing Standards (FIPS) for the enrollment. When enabled, you need to use an active (non-deprecated) cipher profile for both mustHaveCiphers and preferredCiphers. For details, see Update SSL/TLS cipher profiles.

string
required

Specifies the type of network where you want to deploy your certificate. Use core to deploy across most of the world except for specially licensed areas. Use china+core to include China, or russia+core to include Russia. Any non-core deployment needs to be enabled on your contract based on approval from the Chinese or Russian governments.

core china+core russia+core

string | null

Ciphers that you definitely want to include for your enrollment while deploying it on the network. Defaults to ak-akamai-default when it is not set.

string | null

Enable OCSP stapling for the enrollment. OCSP Stapling improves performance by including a valid OCSP response in every TLS handshake. Specify OCSP Stapling if you want to improve performance by allowing your site's visitors to query the Online Certificate Status Protocol (OCSP) server at regular intervals to obtain a signed time-stamped OCSP response. This response needs to be signed by the CA, not the server, therefore ensuring security. Disable OSCP Stapling if you want your site's visitors to contact the CA directly for an OSCP response. You can use OCSP to obtain a certificate's revocation status. You should enable this feature. Use on to enable OSCP Stapling, off to disable it, or not-set to ignore it.

on off not-set

string | null

Ciphers that you preferably want to include for your enrollment while deploying it on the network. Defaults to ak-akamai-default when it is not set.

boolean
required

Set to true to enable QUIC protocol.

string
required

Identifies the type of deployment network. enhanced-tls means Akamai's more secure network with PCI compliance capability, while standard-tls means Akamai's standard secure network.

enhanced-tls standard-tls

boolean
required

SNI settings for your enrollment. Set to true to enable SNI-only for the enrollment. This setting cannot be changed once an enrollment is created.

object | null

Your organization information.

string | null
required

The address of your organization.

string | null
required

The address of your organization.

string | null
required

The city where your organization resides.

string | null
required

The country where your organization resides.

string | null
required

The name of your organization.

string | null
required

The phone number of the administrator who you want to use as a contact at your company.

string | null
required

The postal code of your organization.

string | null
required

The region where your organization resides.

integer | null
≥ 0

The Digicert unique identifier for the organization. If you use this value in a PUT or POST request, you can set the org, techContact, and adminContact values to null.

array of objects | null

Returns the Changes currently pending in CPS. The last item in the array is the most recent change.

pendingChanges
object
string | null

Indicates the certificate's pending change action. This is either new-certificate, modify-certificate, modify-san, or renewal.

new-certificate modify-certificate modify-san renewal

string
required
length ≥ 1

Location to fetch related change information.

array of integers | null

Slots where the certificate is deployed on the production network.

productionSlots
string
required

The registration authority or certificate authority (CA) you want to use to obtain a certificate. A CA is a trusted entity that signs certificates and can vouch for the identity of a website. This is either symantec, lets-encrypt, or third-party.

symantec lets-encrypt third-party

string | null

Identifies the SHA (Secure Hash Algorithm) function. The NSA (National Security Agency) designed this function to produce a hash of certificate contents, for use in a digital signature. This is either SHA-1 for a 160-bit (20-byte) hash or SHA-256 for a 256-bit (32-byte) hash. To ensure a secure hash function, use SHA-256.

SHA-1 SHA-256

array of integers | null

Slots where the certificate is deployed on the staging network.

stagingSlots
object | null

Contact information for an administrator at Akamai.

string | null
required

The address for an administrator at Akamai.

string | null
required

The address for an administrator at Akamai.

string | null
required

The city for an administrator at Akamai.

string | null
required

The country for an administrator at Akamai.

string | null
required

The email address of the administrator who you want to use as a contact at your company.

string | null
required

The first name of the technical contact who you want to use within Akamai. This is the person you work closest with at Akamai who can verify the certificate request. This is the person the CA calls if there are any issues with the certificate and they cannot reach the administrator.

string | null
required

The last name of the technical contact who you want to use within Akamai.

string | null
required

The name of your organization in Akamai where your technical contact works.

string | null
required

The phone number of the technical contact who you want to use within Akamai.

string | null
required

The postal code for an administrator at Akamai.

string | null
required

The region for an administrator at Akamai.

string | null
required

The title for an administrator at Akamai.

object | null

Specifies that you want to use a third party certificate. This is any certificate that is not issued through CPS.

boolean
required

If this is true, then the SANs in the enrollment don't appear in the CSR that CPS submits to the CA.

string
required

CPS supports several types of validation: dv, ev, ov, or third-party. Domain Validation (dv) offers the lowest level of validation. The CA validates that you have control of the domain. CPS supports DV certificates issued by Let's Encrypt, a free, automated, and open CA, run for public benefit. Organization Validation (ov) offers the next level of validation. The CA validates that you have control of the domain. Extended Validation (ev) offers the highest level of validation, in which you need to have signed letters and notaries sent to the CA before signing. You can also specify third-party if you want to use a signed certificate you obtain from a CA that CPS doesn't directly support.

dv ev ov third-party

Language
Authentication
URL