Add the Protocol Downgrade behavior
The process to add Protocol Downgrade varies, based on a new or existing Object Delivery property.
Add it to a new Object Delivery property
This process doesn't cover all of the steps required to properly set up a new Object Delivery property. It only reveals the steps necessary to add the Protocol Downgrade (HTTPS Downgrade to Origin) behavior. See Define property configuration settings for more details on creating a Object Delivery property.
Protocol Downgrade (HTTPS Downgrade to Origin) is supported for use with either Standard TLS (L1) security or via the Akamai shared certificate hostname. You need to apply these securities via a Property hostname to Edge hostname association.
-
Determine the level of security you want for access requests to your property:
-
Standard TLS. First, you need to create a new certificate using the Akamai Certificate Provisioning System. You'll need to complete the entire process and wait for the certificate to provision before continuing. (You'll receive an email when the cert is ready.) There are some specific considerations:
-
When you enter certificate information](https://techdocs.akamai.com/cps/docs/enter-cert-info), ensure that you add all of your applicable vanity domain names, as either the Common Name (CN) if you're only using one, or as a combination of a CN and SANs, if you're including multiple domain names.
-
When you select network settings for the cert, select Standard TLS.
-
-
Akamai shared certificate hostname. This lets you quickly create a secure hostname that automatically incorporates a secure, shared certificate for access. There are no additional requirements if this is your chosen secure access method.
-
-
Create a new Object Delivery property using Property Manager.
-
Use the Property Hostname content panel to create a Property hostname to Edge hostname association, based on your selected level of security:
-
I'm using Standard TLS. Include the hostnames that you associated with the Standard TLS certificate you created.
-
I'm using the Akamai shared certificate. There are no additional requirements here.
-
-
In the Property Configuration Settings options, click Add Behavior.
-
In the Search available behaviors field, input "Protocol Downgrade" to filter the listed behaviors. Ensure that you select Protocol Downgrade (HTTPS Downgrade to Origin) from the list.
-
The new behavior is added to your configuration. Set the Status slider to On.
Add it to an existing Object Delivery property
You can apply the Protocol Downgrade (HTTPS Downgrade to Origin) behavior to an existing Object Delivery property, provided that configuration meets various requirements.
The property must deliver securely (HTTPS)
To support Protocol Downgrade (HTTPS Downgrade to Origin), an existing Object Delivery property must be set up to deliver content securely, via HTTPS. The following apply:
-
Standard TLS (L1). This is supported. You just need to add the behavior.
-
Shared Certificate hostname: This is supported. You just need to add the behavior.
-
Enhanced TLS (L3). This is NOT supported. You can migrate your configuration to Standard TLS (L1) if PCI compliance is not a concern in your environment. (PCI compliance isn't supported with Standard TLS.) Otherwise, you can work with your Account Representative to implement the legacy Protocol Downgrade behavior.
-
No security. This would apply if your current configuration delivers exclusively via HTTP and you need to convert to HTTPS, but want to keep the connection from your origin to the end user as HTTP. Here, you can apply security to this configuration (Standard TLS or Shared certificate hostname) and then apply this behavior. This would be similar to adding the behavior to a new property.
Add the Protocol Downgrade (HTTPS Downgrade to Origin) behavior
-
In the Property Configuration Settings options, click Add Behavior.
-
In the Search available behaviors field, input "Protocol Downgrade" to filter the listed behaviors. Ensure that you select Object Delivery from the list.
-
The new behavior is added to your configuration. Set the Status slider to On.
The Cache Key Sharing behavior might be necessary
Once you enable this behavior in your Object Delivery property, a warning message is added to the Errors/Warnings/Notes Messages Display at the bottom of the Property Manager Editor. Click the up triangle () to display messages.
As a result of the change from HTTPS to HTTP, the cache key will change. You should add the Cache Key Sharing behavior and set it to "On," if your origin cannot handle the excessive additional requests that this change may require.
This applies to adding Protocol Downgrade to both new and existing properties
Updated over 2 years ago