Update an enrollment

put

https://{hostname}/cps/v2/enrollments/{enrollmentId}

Updates an enrollment with changes. Response type varies depending on the type and impact of change. For example, changing SANs list may return HTTP 202 Accepted since the operation requires a new certificate and network deployment operations, and thus can't be completed without a change. On the contrary, for example a Technical Contact name change may return HTTP 200 OK assuming there are no active change and when the operation does not require a new certificate.

Note that fipsMode requires that TLS 1.2, TLS 1.3, or both are enabled on the certificate. You can’t list these TLS versions as disabled in the disallowedTlsVersions deployment object. When fipsMode is enabled, you need to use an active (non-deprecated) cipher profile for both mustHaveCiphers and preferredCiphers. For details, see Update SSL/TLS cipher profiles.

Path Params

enrollmentId

integer

required

Enrollment on which to perform the desired operation.

Query Params

allow-cancel-pending-changes

boolean

Cancels all pending changes when updating an enrollment.

allow-staging-bypass

boolean

Bypass staging and push metadata updates directly to the production network. The current change also updates with the same changes.

deploy-not-after

string

Don't deploy after this date (UTC).

deploy-not-before

string

Don't deploy before this date (UTC).

force-renewal

boolean

Force certificate renewal for Enrollment.

renewal-date-check-override

boolean

CPS automatically starts a change to renew certificates in time before they expire. This automatic change starts when the certificate's expiration is within a renewal window. CPS prevents other changes from starting during this renewal window. Setting renewal-date-check-override=true allows changes during the renewal window, potentially running the risk of an expired certificate on the network.

allow-missing-certificate-addition

boolean

Applicable for Third Party Dual Stack Enrollments, allows to update missing certificate. Option supported from v10.

accountSwitchKey

string

For customers who manage more than one account, this runs the operation from another account. The Identity and Access Management API provides a list of available account switch keys.

Body Params

An enrollment displays all the information about the process that your certificate goes through from the time you request it, through renewal, and as you obtain subsequent versions. CPS is a certificate life cycle management tool. Once you obtain a certificate, you use it until it expires, in most cases a year from the date the CA issued the certificate. CPS automatically starts the renewal process 90 days before the old certificate expires. It then automatically deploys the renewed certificate when it receives it from the CA.

adminContact

object | null

Contact information for the certificate administrator that you want to use as a contact at your company.

assignedSlots

array of integers | null

Slots where the certificate is either deployed or is already deployed.

assignedSlots

autoRenewalStartTime

string | null

The specific date on which an automatic renewal starts for the enrollment. If a renewal is scheduled but has not started yet, the field specifies that date. If a renewal is already queued or running, the field is null.

certificateChainType

string | null

enum

The kind of certificate trust chain. This is either default or symantec1kroot.

Allowed:

certificateType

string

enum

required

Either san, single, wildcard, wildcard-san, or third-party. See Enrollment.validationType Values for details.

Allowed:

changeManagement

boolean

required

Setting this to true for an enrollment stops CPS from deploying the certificate to the network until you acknowledge you're ready to deploy the certificate. You can test the certificate outside of CPS, on the Edge Staging Network (ESN), to make sure it works in your environment, and then deploy the certificate. The ESN is a small network of Akamai edge servers built to simulate Akamai's production network to test most of your site or application functionality with current production version configuration options and functions. For more information on the ESN, see the Edge Staging Network User Guide. You can also contact your account representative with questions or issues with your service on the ESN.

csr

object

required

When you create an enrollment, you also generate a certificate signing request (CSR) using CPS. CPS signs the CSR with the private key. The CSR contains all the information the CA needs to issue your certificate.

enableMultiStackedCertificates

boolean

required

Enable Dual-Stacked certificate deployment for this enrollment. The next renewal includes the change. Note that this value is only returned for third-party certificates. Otherwise it's omitted from the response.

string | null

The unique identifier of the enrollment.

location

string | null

The URI path to the enrollment. The last segment of the URI path serves as a unique identifier for the enrollment.

maxAllowedSanNames

integer | null

≥ 0

Maximum number of SAN names supported for this enrollment type.

maxAllowedWildcardSanNames

integer | null

≥ 0

Maximum number of Wildcard SAN names supported for this enrollment type.

networkConfiguration

object

required

Settings that specify any network information and TLS Metadata you want CPS to use to push the completed certificate to the network.

org

object | null

Your organization information.

orgId

integer | null

≥ 0

The Digicert unique identifier for the organization. If you use this value in a PUT or POST request, you can set the org, techContact, and adminContact values to null.

pendingChanges

array of objects | null

Returns the Changes currently pending in CPS. The last item in the array is the most recent change.

pendingChanges

productionSlots

array of integers | null

Slots where the certificate is deployed on the production network.

productionSlots

string

enum

required

The registration authority or certificate authority (CA) you want to use to obtain a certificate. A CA is a trusted entity that signs certificates and can vouch for the identity of a website. This is either symantec, lets-encrypt, or third-party.

Allowed:

signatureAlgorithm

string | null

enum

Identifies the SHA (Secure Hash Algorithm) function. The NSA (National Security Agency) designed this function to produce a hash of certificate contents, for use in a digital signature. This is either SHA-1 for a 160-bit (20-byte) hash or SHA-256 for a 256-bit (32-byte) hash. To ensure a secure hash function, use SHA-256.

Allowed:

stagingSlots

array of integers | null

Slots where the certificate is deployed on the staging network.

stagingSlots

techContact

object | null

Contact information for an administrator at Akamai.

thirdParty

object | null

Specifies that you want to use a third party certificate. This is any certificate that is not issued through CPS.

validationType

string

enum

required

CPS supports several types of validation: dv, ev, ov, or third-party. Domain Validation (dv) offers the lowest level of validation. The CA validates that you have control of the domain. CPS supports DV certificates issued by Let's Encrypt, a free, automated, and open CA, run for public benefit. Organization Validation (ov) offers the next level of validation. The CA validates that you have control of the domain. Extended Validation (ev) offers the highest level of validation, in which you need to have signed letters and notaries sent to the CA before signing. You can also specify third-party if you want to use a signed certificate you obtain from a CA that CPS doesn't directly support.

Allowed:

Responses

200The response reflects the modified enrollment.

202The response reflects the resource was accepted.