Guide
TrainingSupportCommunity

Account CA certificates

Suggest Edits

The mTLS Origin Keystore application manages the lifecycle of your account CA certificate, also referred to as CA certificate (see Key concepts and terms: Account CA). When the first Akamai signer client certificate is created under the account, mTLS Origin Keystore automatically generates a CA certificate for the account. The qualified CA certificate’s status is Current and is ready to sign client certificates for the account. Notification recipients receive an email about the available CA certificate.

Select the Account CA certificates tab to view these CA certificate details and the certificate:

  • Common name: Includes the Akamai account’s cache-key ID and a sequential number generated by mTLS Origin Keystore. For example, the Akamai account’s cache-key ID is “1234” and the first generation of the account CA certificate is “G1”. The CA certificate’s common name is “1234 Account G1”.
  • Status: Indicates the CA certificate’s signing qualification. Either Current or Previous.
    • Current. This is the default CA certificate. It signs new client certificates and certificate versions under the account.
    • Previous. When the current CA certificate is rotated, its status changes to Previous and a new CA certificate is generated with a new common name and Current status. This CA certificate may still be valid and in use, but can no longer sign new client certificates or certificate versions.

      📘

      Only Akamai account administrators can rotate an account CA certificate. If you need the CA certificate renewed, contact your Akamai account representative for assistance.

  • Issued date: The date mTLS Origin Keystore generated the CA certificate.
  • Expiration date: The date the CA certificate expires. It exceeds the expiration date of the signed client certificate.
    Used in: Identifies the client certificates signed by the CA certificate.
  • Subject: The CA certificate’s key value details. C=Country, O=Organization, OU=Contract ID, Group ID, and secure traffic network, and CN=Common Name.
  • ID: Unique identifier for CA certificate.

Updated 5 months ago