Welcome to Mutual TLS Edge Truststore (Limited Availability)

How Mutual TLS Edge Truststore works

The Transport Layer Security (TLS) protocol secures connections between a client and a server. With a common TLS-secured web connection, only the client validates the identity of the server before allowing communication. With mutual TLS-secured (mTLS) web connections, the client and the server each validate the identity of the other before allowing communication between the two. Each side presents a TLS identity certificate to the other and verifies the authenticity of the certificate it receives, during what's called the TLS handshake. Once verified, the identity information is used to authorize additional communication requests between the two.

Mutual TLS Edge Truststore lets you create, manage, and activate certificate authority (CA) sets. A CA set allows Akamai to authenticate clients accessing your content. You can think of a CA set as a virtual certificate truststore that you bind to one or more of your edge certificates to facilitate mutual authentication (mTLS).

You can create up to 200 CA sets per account and 300 CA certificates per CA set version. Each CA set has certificates that validate client certificates, and may contain different groupings of trusted intermediate and root certificates. These groupings meet different mTLS requirements for your edge certificates.
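
To make the role of a CA set concrete, here is an added Go sketch (not Akamai code and not part of the original documentation) that models a CA set as a local truststore with the standard `crypto/x509` package and shows why the grouping of root and intermediate certificates matters. The certificates are constructed test fixtures, the helper names `issue` and `caSetAccepts` are hypothetical, and the sketch assumes the client presents only its leaf certificate and that only self-signed members of the set act as trust anchors.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}

// issue builds a constructed test certificate; a nil parent yields a self-signed root.
func issue(cn string, ku x509.KeyUsage, parent *x509.Certificate, pkey *rsa.PrivateKey) (*x509.Certificate, *rsa.PrivateKey) {
	key := must(rsa.GenerateKey(rand.Reader, 2048))
	t := &x509.Certificate{SerialNumber: big.NewInt(time.Now().UnixNano()), Subject: pkix.Name{CommonName: cn},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour), KeyUsage: ku,
		BasicConstraintsValid: true, IsCA: ku&x509.KeyUsageCertSign != 0, ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth}}
	if parent == nil {
		parent, pkey = t, key
	}
	return must(x509.ParseCertificate(must(x509.CreateCertificate(rand.Reader, t, parent, &key.PublicKey, pkey)))), key
}

// caSetAccepts reports whether client chains to a self-signed root in caSet for client authentication.
func caSetAccepts(client *x509.Certificate, caSet ...*x509.Certificate) bool {
	roots, inters := x509.NewCertPool(), x509.NewCertPool()
	for _, c := range caSet {
		inters.AddCert(c) // every member may be used to build the path
		if c.CheckSignatureFrom(c) == nil {
			roots.AddCert(c) // only self-signed members are trust anchors (assumption)
		}
	}
	_, err := client.Verify(x509.VerifyOptions{Roots: roots, Intermediates: inters, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth}})
	return err == nil
}

func main() {
	root, rk := issue("Constructed Root CA", x509.KeyUsageCertSign, nil, nil)
	inter, ik := issue("Constructed Issuing CA", x509.KeyUsageCertSign, root, rk)
	client, _ := issue("client-1", x509.KeyUsageDigitalSignature, inter, ik)
	fmt.Println(caSetAccepts(client, root, inter), caSetAccepts(client, root)) // true false
}
```

In this model a set holding only the root rejects the client because the path through the issuing CA cannot be built, which is one reason different edge certificates may need different groupings of roots and intermediates.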

Limited access to the mTLS Edge Truststore

Mutual TLS Edge Truststore is currently only available for selected customers.

mTLS workflow

Once a new CA set is created and activated on staging and production networks, you can use the Certificate Provisioning System to apply that CA set to one or more edge certificates on a contract. This enables mTLS for the secure hostnames on the certificates.

Use this workflow to set up mTLS for your edge certificates.

  1. Create a CA set. Sets up a CA set for mTLS.
  2. Create a new version and add certificates. Readies your CA set for activation on staging and production networks.
  3. Activate the CA set version. This deploys the certificates from this CA set version to the chosen network.
  4. Set up mutual authentication. Binds your mTLS-enabled certificates to your CA set with CPS.
  5. Enforce mTLS settings. Ensures that your property's requests come from TLS connections.

Get started

Log in to Control Center, go to > CDN > mTLS Edge Truststore, and Protect connections with mTLS.

Developer tools

mTLS Edge Truststore API

What's new

Release notes