This section summarizes the API's workflow patterns to create your CA set and enable mTLS. See the API summary for details on all operations.


This mTLS Edge Truststore workflow differs from the TCM workflow.

The main difference is that activations (formerly known as deployments) are separate from the creation of a CA set or version.

Enable mTLS

  1. In Certificate Provisioning System (CPS), create a certificate enrollment.
  2. In the mTLS Edge Truststore:
    1. Create a CA set.
    2. Create a CA set version and add certificates.
    3. Optionally, update your existing CA set version.
    4. Activate the CA set version on staging or production.
    5. Ensure that the CA set has been activated on the network. Check that the activation status is COMPLETE.
  3. In CPS, set up mutual authentication.
  4. In Property Manager (PM), create a property or edit an existing one to assign hostnames to a property version. Use the secure edge hostname tied to the same certificate/slot that was configured via CPS. You can use PM behaviors and rules to configure mutual authentication and how the Akamai edge server handles origin requests for the secure origin hostnames.

The Akamai edge server uses metadata, slot metadata, and CA sets to perform mutual TLS on incoming requests for the customer origin and handle them accordingly.