How Mutual TLS Edge Truststore works

With Mutual TLS Edge Truststore, you can create, manage, and activate certificate sets (CA sets) that enable ​Akamai​ to authenticate clients accessing your content.

You can create multiple CA sets. Each CA set contains a collection of certificates that validate the client certificates presented by a user during the TLS handshake at the edge server — that's mutual authentication (mTLS).

You can think of a CA set as a virtual certificate truststore that can be associated with one or more of your edge certificates to facilitate TLS mutual authentication (mTLS). You can create up to 200 CA sets and 300 CA certificates per CA set. Each CA set can contain different groupings of trusted intermediate and root certificates that are intended to satisfy different mTLS requirements that can be applied to your edge certificates.

Once a new CA set is created and activated on staging and production networks, you can use Certificate Provisioning System to apply that CA set to one or more edge certificates on a contract to enable mTLS for the secure hostnames on the certificates.

📘

Limited access to the mTLS Edge Truststore

Mutual TLS Edge Truststore is currently only available for selected customers.

Get started

1. Create CA set workflow overview.
2. Create a CA set to enable mTLS step-by-step instructions.

Access Mutual TLS Edge Truststore

To launch mTLS Edge Truststore, in ​Akamai Control Center​ go to ☰ > CDN > mTLS Edge Truststore.

You can start creating and managing your CA certificate sets.

Developer tools

mTLS Edge Truststore API

What's new

Release notes