How Mutual TLS Edge Truststore works

Mutual TLS Edge Truststore lets you create, manage, and activate certificate authority (CA) sets. A CA set allows ​Akamai​ to authenticate clients accessing your content. You can think of a CA set as a virtual certificate truststore, where you bind it with one or more of your edge certificates to facilitate mutual authentication (mTLS).

You can create up to 200 CA sets per account and 300 CA certificates per CA set version. Each CA set has certificates that validate client certificates, and may contain different groupings of trusted intermediate and root certificates. These groupings meet different mTLS requirements for your edge certificates.

When users present their client certificates at the edge server, mTLS is established during the TLS handshake.

📘

Limited access to the mTLS Edge Truststore

Mutual TLS Edge Truststore is currently only available for selected customers.

mTLS workflow

Once a new CA set is created and activated on staging and production networks, you can use the Certificate Provisioning System to apply that CA set to one or more edge certificates on a contract. This enables mTLS for the secure hostnames on the certificates.

Use this workflow to set up mTLS for your edge certificates.

1. Create a CA set. Sets up a CA set for mTLS.
2. Create a new version and add certificates. Readies your CA set for activation on staging and production networks.
3. Activate the CA set version. This deploys the certificates from this CA set version to the chosen network.
4. Set up mutual authentication. Binds your mTLS-enabled certificates to your CA set with CPS.
5. Enforce mTLS settings. Ensures that your property's requests come from TLS connections.

Get started

Log in to ​Control Center​, go to ☰ > CDN > mTLS Edge Truststore, and Create a CA set to enable mTLS.

Developer tools

mTLS Edge Truststore API

What's new

Release notes

Tutorials

Protect connections with mTLS