Provision certificates

Increase your customers' trust, encrypt sensitive information, and improve SEO rankings using TLS domain validation or third-party certificates that securely deliver content to and from your site.

Akamai managed certificates

Akamai-managed enrollments provide certificates that verify ownership of the domains you provide.

When you create a domain validation enrollment, we automatically verify your domains and set a certificate expiry of 90 days.

Create new

Use your contract ID to send an enrollment object with all required parameters as a variable or JSON string in the new enrollment command.

Parameter Description
Required
ra The registration or certificate authority you want to use for your certificate. Choose one of symantec, lets-encrypt, or third-party.
validationType The type of validation performed for your certificate. Values are:
  • dv. Domain validation.
  • ev. Extended validation.
  • ov. Organization validation.
  • third-party. Third-party validation.
certificateType The type of certificate. Values are:
  • san. Subject alternative names.
  • single. Single domain.
  • wildcard. Primary domain and its subdomains.
  • wildcard-san. Multiple domains and their subdomains.
  • third-party. Varies depending on user needs and the certificate authority used.
networkConfiguration An object that contains your network settings. Required parameters:
  • geography. Required. Where to deploy your certificate. Values are core, china+core, and russia+core. China and Russia deployments require respective government permissions.
  • sniOnly. Required. Whether you want to enable the SNI-only extension for the enrollment.
  • secureNetwork. Required. The type of secure network for deployment. Values are standard-tls for non-PCI compliant or enhanced-tls for PCI compliant.
  • preferredCiphers. Ciphers you preferably want to include in the enrollment when deployed on the network. Defaults to ak-akamai-2020q1 if not set. For more information on cipher profiles, see Update SSL/TLS cipher profiles.
  • ocspStapling. The status of an enrollment's use of online certificate status protocol (OCSP) stapling, either on, off, or not-set. Defaults to on if not set. OCSP stapling improves performance by including a valid OCSP response in every TLS handshake. This option allows the visitors on your site to query the OCSP server at regular intervals to obtain a signed time-stamped OCSP response. This response must be signed by the CA, not the server, which ensures security. Disable OCSP stapling if you want your site visitors to contact the certificate authority (CA) directly for an OCSP response. OCSP allows you to obtain the revocation status of a certificate.
  • mustHaveCiphers. Ciphers you definitely want to include in the enrollment when deployed on the network. Defaults to ak-akamai-2020q1 if not set. For more information on cipher profiles, see Update SSL/TLS cipher profiles.
  • fipsMode. Whether to enable Federal Information Processing Standards (FIPS) for the enrollment. When enabled, you need to use an active (non-deprecated) cipher profile for both mustHaveCiphers and preferredCiphers. For details, see Update SSL/TLS cipher profiles.
  • dnsNameSettings. DNS name settings.
    • cloneDnsNames. Enable it if you want CPS to direct traffic using all the SANs listed in the SANs parameter when you created your enrollment.
    • dnsNames. Names served by SNI-only enabled enrollments.
  • disallowedTlsVersions. The TLS protocol versions you want to disallow.
  • clientMutualAuthentication. The configuration for client mutual authentication, specifying the trust chain used to verify client certificates among other options. Requires these additional parameters:
    • authenticationOptions. Required. The configuration options for the selected trust chain. Requires these additional parameters:
      • ocsp. Required. Whether you want to enable the online certificate status protocol (OCSP) stapling for client certificates.
      • sendCaListToClient. Required. Whether you want to enable the server to send the certificate authority (CA) list to the client.
    • setId. The trust chain set ID, created in mTLS Edge Truststore.
  • quicEnabled. Deprecated. Whether to use the QUIC transport layer network protocol. Legacy Google QUIC (gQUIC) is no longer supported on the Akamai platform. Selecting this option has no effect on behavior. For HTTP/3 and IETF QUIC, use the HTTP/3 behavior in Property Manager. See HTTP3 documentation for more details.
changeManagement Manages the deployment of your certificate.
  • false automatically deploys your certificate to both the staging and production networks.
  • true allows you to acknowledge you're ready to deploy the certificate beforehand.
You can test the certificate outside of CPS on the Edge Staging Network (ESN) to make sure it works in your environment and then deploy the certificate using the Set-CPSDeploymentSchedule cmdlet.
csr An object containing your certificate signing request specifics.
  • cn. Required. The common name for your certificate.
  • c. The country code for your company's location.
  • st. The state or province in which your company is located.
  • l. The city in which your company is located.
  • o. Your company's name.
  • ou. Your company's organizational unit.
  • preferredTrustChain. The Let's Encrypt trust chain option chosen at the time the certificate was created. If one wasn't chosen, the value represents the default Akamai option.
  • sans. An array of your SANs.
org An object containing your company's address information.
  • name. Required. Your company's name.
  • phone. Required. Your contact's main phone number in ITU-T E.164 format, +{country-code}{area-code}{subscriber-number}.
  • postalCode. Required. Your company's postal code.
  • city. Required. The city where your company resides.
  • region. Required. Your company's region, typically a state or province.
  • country. Required. The country code for your company's location.
  • addressLineOne. Required. Your company's address.
  • addressLineTwo. Required. Your company's address.
adminContact An object containing the contact information for your admin representative.
  • firstName. Required. Your contact's given name.
  • lastName. Required. Your contact's surname.
  • title. Required. Your contact's job title.
  • phone. Required. Your contact's main phone number in ITU-T E.164 format, +{country-code}{area-code}{subscriber-number}.
  • email. Required. Your contact's email address.
  • organizationName. Required. Your company's name.
  • postalCode. Required. Your company's postal code.
  • city. Required. The city where your company resides.
  • region. Required. Your company's region, typically a state or province.
  • country. Required. The country code for your company's location.
  • addressLineOne. Required. Your company's address.
  • addressLineTwo. Required. Your company's address.
techContact An object containing the contact information for your technical representative.
  • firstName. Required. Your contact's given name.
  • lastName. Required. Your contact's surname.
  • title. Required. Your contact's job title.
  • phone. Required. Your contact's main phone number in ITU-T E.164 format, +{country-code}{area-code}{subscriber-number}.
  • email. Required. Your contact's email address.
  • organizationName. Required. Your company's name.
  • postalCode. Required. Your company's postal code.
  • city. Required. The city where your company resides.
  • region. Required. Your company's region, typically a state or province.
  • country. Required. The country code for your company's location.
  • addressLineOne. Required. Your company's address.
  • addressLineTwo. Required. Your company's address.
enableMultiStackedCertificates Whether to enable Dual-Stacked certificate deployment for your enrollment.
Optional
id Your enrollment's ID.
location The URI path to the enrollment. The last segment of the URI path serves as a unique identifier for the enrollment.
orgId The DigiCert identifier for your company. If you use this, set the org, techContact, and adminContact parameters to null.
assignedSlots Slots where the certificate either will be deployed or is already deployed.
autoRenewalStartTime The specific timestamp on which the renewal automatically starts for the enrollment.
certificateChainType The type of certificate trust chain. This is either default or symantec1kroot. Defaults to default if not set.
maxAllowedSanNames The maximum number of SAN names supported for this enrollment type.
maxAllowedWildcardSanNames The maximum number of Wildcard SAN names supported for this enrollment type.
pendingChanges The changes currently pending in CPS. The last item in the array is the most recent change. Contains:
  • location. Required. The location to fetch related change information.
  • changeType. The certificate's pending change action, either new-certificate, modify-certificate, modify-san, or renewal.
productionSlots Slots where the certificate is deployed on the production network.
stagingSlots Slots where the certificate is deployed on the staging network.
signatureAlgorithm Your digital signature hash designation. Values are SHA-1 for a 160-bit (20-byte) hash or SHA-256 for a 256-bit (32-byte) hash.
thirdParty Specifies that you want to use a third-party certificate. This is any certificate that is not issued through CPS. Contains:
  • excludeSans. Required. If this is true, then the SANs in the enrollment don't appear in the CSR that CPS submits to the CA.
$body = @{
  ra = "lets-encrypt"
  validationType = "dv"
  certificateType = "san"
  networkConfiguration = @{
    geography = "core"
    secureNetwork = "standard-tls"
    sniOnly = $true
    quicEnabled = $false
    dnsNameSettings = @{
      cloneDnsNames = $true
    }
  }
  changeManagement = $true
  csr = @{
    cn = "example.enrollment.net"
    c = "US"
    st = "Cambridge"
    l = "Cambridge"
    o = "Akamai"
    sans = @(
      "example.enrollment.net"
    )
  }
  org = @{
    name = "Akamai"
    addressLineOne = "1234 Main Street"
    city = "Boston"
    region = "MA"
    postalCode = "02142"
    country = "US"
    phone = "(617) 555-1234"
  }
  adminContact = @{
    firstName = "John"
    lastName = "Smith"
    phone = "(617) 555-1234"
    email = "jsmith@example.com"
  }
  techContact = @{
    firstName = "John"
    lastName = "Smith"
    phone = "(617) 555-1234"
    email = "jsmith@example.com"
  }
  enableMultiStackedCertificates = $false
  signatureAlgorithm = "SHA-256"
}

New-CPSEnrollment -ContractID "ctr_C-0N7RAC7" -Body $body
New-CPSEnrollment -ContractID "ctr_C-0N7RAC7" -Body '{"ra": "lets-encrypt", "validationType": "dv", "certificateType": "san", "networkConfiguration": {"geography": "core", "secureNetwork": "standard-tls", "sniOnly": true, "quicEnabled": false, "dnsNameSettings": {"cloneDnsNames": true}}, "changeManagement": true, "csr": {"cn": "example.enrollment.net", "c": "US", "st": "Cambridge", "l": "Cambridge", "o": "Akamai", "sans": ["example.enrollment.net"]}, "org": {"name": "Akamai", "addressLineOne": "1234 Main Street", "city": "Boston", "region": "MA", "postalCode": "02142", "country": "US", "phone": "(617) 555-1234"}, "adminContact": {"firstName": "John", "lastName": "Smith", "phone": "(617) 555-1234", "email": "jsmith@example.com"}, "techContact": {"firstName": "John", "lastName": "Smith", "phone": "(617) 555-1234", "email": "jsmith@example.com"}, "enableMultiStackedCertificates": false, "signatureAlgorithm": "SHA-256"}'

Akamai automatically verifies your domain and deploys it to both the staging and production networks when you set changeManagement to false.

If you would rather test on staging before deploying to production, set the value to true, run your tests, and then use the Set-CPSDeploymentSchedule cmdlet to deploy your certificate to the production network.
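A pre-flight check for the enrollment body, as an added example that is not part of Akamai's module. `Test-EnrollmentBody` and its finding messages are hypothetical, the allowed values are taken from the parameter table above, and the strict E.164 pattern is an assumption about how the phone format is read.

```powershell
# Added example: lint an enrollment hashtable before passing it to New-CPSEnrollment.
# Test-EnrollmentBody is a hypothetical helper, not a cmdlet from the Akamai module.
function Test-EnrollmentBody {
    param([Parameter(Mandatory)] [hashtable] $Body)

    $findings = [System.Collections.Generic.List[string]]::new()

    # Report a key that is absent, or present with a value outside the allowed set.
    function Test-Key([hashtable] $Table, [string] $Path, [string] $Key, [string[]] $Allowed) {
        if (-not $Table.ContainsKey($Key)) {
            $findings.Add("ERROR: missing required parameter '$Path$Key'")
        }
        elseif ($Allowed.Count -gt 0 -and $Table[$Key] -cnotin $Allowed) {
            $findings.Add("ERROR: $Path$Key '$($Table[$Key])' is not one of: $($Allowed -join ', ')")
        }
    }

    # Top-level parameters from the Required part of the table.
    Test-Key $Body '' 'ra'              @('symantec', 'lets-encrypt', 'third-party')
    Test-Key $Body '' 'validationType'  @('dv', 'ev', 'ov', 'third-party')
    Test-Key $Body '' 'certificateType' @('san', 'single', 'wildcard', 'wildcard-san', 'third-party')
    foreach ($key in 'networkConfiguration', 'changeManagement', 'csr', 'org',
                     'adminContact', 'techContact', 'enableMultiStackedCertificates') {
        Test-Key $Body '' $key
    }

    $net = $Body['networkConfiguration']
    if ($net -is [hashtable]) {
        Test-Key $net 'networkConfiguration.' 'geography'     @('core', 'china+core', 'russia+core')
        Test-Key $net 'networkConfiguration.' 'secureNetwork' @('standard-tls', 'enhanced-tls')
        Test-Key $net 'networkConfiguration.' 'sniOnly'
        if ($net['ocspStapling'] -eq 'off') {
            $findings.Add('WARN: ocspStapling is off; visitors contact the CA directly for an OCSP response')
        }
        if ($net['quicEnabled']) {
            $findings.Add('WARN: quicEnabled is deprecated and has no effect')
        }
    }

    $csr = $Body['csr']
    if ($csr -is [hashtable]) { Test-Key $csr 'csr.' 'cn' }

    if ($Body['signatureAlgorithm'] -eq 'SHA-1') {
        $findings.Add('WARN: signatureAlgorithm is SHA-1; SHA-256 is the stronger of the two listed values')
    }
    if ($Body.ContainsKey('changeManagement') -and -not $Body['changeManagement']) {
        $findings.Add('WARN: changeManagement is false; the certificate deploys to staging and production automatically')
    }

    # Assumption: E.164 read strictly as "+" followed by up to 15 digits, no separators.
    foreach ($section in 'org', 'adminContact', 'techContact') {
        $contact = $Body[$section]
        if ($contact -is [hashtable] -and $contact['phone'] -notmatch '^\+[1-9]\d{1,14}$') {
            $findings.Add("WARN: $section.phone '$($contact['phone'])' is not in E.164 form")
        }
    }

    $findings
}

# Constructed sample body with several deliberate problems (values are illustrative).
$body = @{
    ra                   = 'lets-encrypt'
    validationType       = 'dv'
    certificateType      = 'san'
    networkConfiguration = @{
        geography     = 'core'
        secureNetwork = 'enhanced-tl'      # misspelled on purpose
        sniOnly       = $true
        ocspStapling  = 'off'
    }
    changeManagement     = $false
    csr                  = @{ cn = 'example.enrollment.net'; sans = @('example.enrollment.net') }
    org                  = @{ name = 'Akamai'; phone = '(617) 555-1234' }
    adminContact         = @{ firstName = 'John'; lastName = 'Smith'; phone = '+16175551234' }
    enableMultiStackedCertificates = $false
    signatureAlgorithm   = 'SHA-1'
}

$findings = Test-EnrollmentBody -Body $body
$findings

# Only send the body when nothing is flagged as an error.
if (@($findings) -match '^ERROR') {
    Write-Warning 'Fix the errors before calling New-CPSEnrollment.'
}
# else { New-CPSEnrollment -ContractID "ctr_C-0N7RAC7" -Body $body }
```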

New from existing

To create a new domain validation certificate from an existing enrollment, get the enrollment, make changes, and send your enrollment object as a variable or JSON string in the new enrollment command.

  1. Get your enrollments to find the ID of the one you want to use as your starting point.

    Get-CPSEnrollment
    
    id                             : 123456
    productionSlots                : {112233}
    stagingSlots                   : {112233}
    assignedSlots                  : {112233}
    location                       : /cps/v2/enrollments/123456
    ra                             : lets-encrypt
    validationType                 : dv
    certificateType                : san
    certificateChainType           : default
    networkConfiguration           : @{geography=core; secureNetwork=enhanced-tls; 
                                    mustHaveCiphers=ak-akamai-default; 
                                    preferredCiphers=ak-akamai-default; 
                                    disallowedTlsVersions=System.Object[]; sniOnly=True; 
                                    quicEnabled=True; dnsNameSettings=; ocspStapling=on; 
                                    clientMutualAuthentication=}
    signatureAlgorithm             : SHA-256
    changeManagement               : False
    csr                            : @{cn=example.enrollment.net; c=US; st=Cambridge; l=Cambridge; 
                                    o=Akamai; ou=; sans=System.Object[]; 
                                    preferredTrustChain=dst-root-ca-x3}
    org                            : @{name=Akamai; addressLineOne=1234 Main Street; 
                                    addressLineTwo=; city=Cambridge; region=MA; 
                                    postalCode=02142; country=US; phone=+1-6175551234}
    orgId                          : 
    adminContact                   : @{firstName=John; lastName=Smith; phone=+1-6175551234; 
                                    email=jsmith@example.com; addressLineOne=; 
                                    addressLineTwo=; city=; country=; organizationName=; 
                                    postalCode=; region=; title=}
    techContact                    : @{firstName=John; lastName=Smith; phone=+1-6175551234; 
                                    email=jsmith@example.com; addressLineOne=; 
                                    addressLineTwo=; city=; country=; organizationName=; 
                                    postalCode=; region=; title=}
    thirdParty                     : 
    enableMultiStackedCertificates : False
    autoRenewalStartTime           : 12/31/2023 11:42:25 PM
    pendingChanges                 : {}
    maxAllowedSanNames             : 100
    maxAllowedWildcardSanNames     : 25
    
    id                             : 234567
    productionSlots                : {}
    stagingSlots                   : {}
    assignedSlots                  : {}
    location                       : /cps/v2/enrollments/234567
    ra                             : lets-encrypt
    validationType                 : dv
    certificateType                : san
    certificateChainType           : default
    networkConfiguration           : @{geography=core; secureNetwork=standard-tls; 
                                    mustHaveCiphers=ak-akamai-default; 
                                    preferredCiphers=ak-akamai-default; 
                                    disallowedTlsVersions=System.Object[]; sniOnly=True; 
                                    quicEnabled=False; dnsNameSettings=; ocspStapling=on; 
                                    clientMutualAuthentication=}
    signatureAlgorithm             : SHA-256
    changeManagement               : False
    csr                            : @{cn=example.enrollment2.net; c=US; st=Cambridge; l=Cambridge; 
                                    o=Akamai; ou=; sans=System.Object[]; 
                                    preferredTrustChain=dst-root-ca-x3}
    org                            : @{name=Akamai; addressLineOne=1234 Main Street; 
                                    addressLineTwo=; city=Cambridge; region=MA; 
                                    postalCode=02142; country=US; phone=+1-6175551234}
    orgId                          : 
    adminContact                   : @{firstName=John; lastName=Smith; phone=+1-6175551234; 
                                    email=jsmith@example.com; addressLineOne=; 
                                    addressLineTwo=; city=; country=; organizationName=; 
                                    postalCode=; region=; title=}
    techContact                    : @{firstName=John; lastName=Smith; phone=+1-6175551234; 
                                    email=jsmith@example.com; addressLineOne=; 
                                    addressLineTwo=; city=; country=; organizationName=; 
                                    postalCode=; region=; title=}
    thirdParty                     : 
    enableMultiStackedCertificates : False
    autoRenewalStartTime           : 
    pendingChanges                 : {@{location=/cps/v2/enrollments/234567/changes/901234; 
                                    changeType=new-certificate}}
    maxAllowedSanNames             : 100
    maxAllowedWildcardSanNames     : 25
    
  2. Use an enrollment ID to set that enrollment to a variable, or send its contents to a file, so you can edit the output. Remove the enrollment-specific identifiers added by Akamai:

    • id
    • productionSlots
    • stagingSlots
    • assignedSlots
    • location
    • autoRenewalStartTime
  3. Send your enrollment object as the value for -Body in the new enrollment cmdlet.

    New-CPSEnrollment -ContractID "ctr_C-0N7RAC7" -Body $MyEnrollment
    

Akamai automatically verifies your domain and deploys it to both the staging and production networks when you set changeManagement to false.

If you would rather test on staging before deploying to production, set the value to true, run your tests, and then use the Set-CPSDeploymentSchedule cmdlet to deploy your certificate to the production network.
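The three steps above as one script, added here as an example and not taken from Akamai's module. `ConvertTo-NewEnrollmentBody`, its parameters, and the hostname `example.enrollment3.net` are hypothetical, and the sample enrollment is constructed so the block runs without calling the API.

```powershell
# Added example: build a New-CPSEnrollment body from an existing enrollment.
# ConvertTo-NewEnrollmentBody is a hypothetical helper, not a cmdlet from the Akamai module.
function ConvertTo-NewEnrollmentBody {
    param(
        [Parameter(Mandatory)] [psobject] $Enrollment,
        [Parameter(Mandatory)] [string]   $CommonName,
        [string[]] $Sans = @($CommonName),
        [bool]     $ChangeManagement = $true   # stage first, deploy with Set-CPSDeploymentSchedule
    )

    # The enrollment-specific identifiers the page says to remove.
    $akamaiSet = 'id', 'productionSlots', 'stagingSlots', 'assignedSlots',
                 'location', 'autoRenewalStartTime'

    # Round-trip through JSON for a deep copy, so the source object stays untouched.
    $copy = $Enrollment | ConvertTo-Json -Depth 10 | ConvertFrom-Json

    # -Property * is needed for -ExcludeProperty to take effect on Windows PowerShell 5.1.
    $body = $copy | Select-Object -Property * -ExcludeProperty $akamaiSet

    # The changes that make this a new certificate (assumed: a new CN and SAN list).
    $body.csr.cn           = $CommonName
    $body.csr.sans         = $Sans
    $body.changeManagement = $ChangeManagement

    # Fail closed if any identifier survived the copy.
    $leftover = @($body.PSObject.Properties.Name | Where-Object { $_ -in $akamaiSet })
    if ($leftover.Count -gt 0) {
        throw "Identifiers still present: $($leftover -join ', ')"
    }
    $body
}

# Constructed stand-in for: $existing = Get-CPSEnrollment -EnrollmentID 123456
$existing = [pscustomobject]@{
    id                   = 123456
    productionSlots      = @(112233)
    stagingSlots         = @(112233)
    assignedSlots        = @(112233)
    location             = '/cps/v2/enrollments/123456'
    ra                   = 'lets-encrypt'
    validationType       = 'dv'
    certificateType      = 'san'
    networkConfiguration = [pscustomobject]@{
        geography = 'core'; secureNetwork = 'enhanced-tls'; sniOnly = $true; ocspStapling = 'on'
    }
    signatureAlgorithm   = 'SHA-256'
    changeManagement     = $false
    csr                  = [pscustomobject]@{
        cn = 'example.enrollment.net'; c = 'US'; sans = @('example.enrollment.net')
    }
    autoRenewalStartTime = '12/31/2023 11:42:25 PM'
    pendingChanges       = @()
}

$MyEnrollment = ConvertTo-NewEnrollmentBody -Enrollment $existing -CommonName 'example.enrollment3.net'

# Review exactly what will be sent before creating the enrollment.
$MyEnrollment | ConvertTo-Json -Depth 10
# New-CPSEnrollment -ContractID "ctr_C-0N7RAC7" -Body $MyEnrollment
```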

Certificate renewal

Thirty days before your certificate expires, we'll contact you to begin the renewal process. This communication is followed by a notice 16 days before the expiry to let you know the renewal period is open.

Enhanced TLS certificate renewal and deployment is an automatic process.

Standard TLS certificate renewal and deployment can be manual or automatic. During the open period for a renewal, your enrollment enters a change-in-progress state that you complete by adding your renewed certificate. If you don't want to manage the renewal process manually, add the autoDomainValidation behavior to your property's default rule.

  1. Copy, paste, and save the autoDomainValidation behavior JSON to a file.

    Note: The autodv parameter is sent empty.

    {
      "name": "autoDomainValidation",
      "options": {
          "autodv": ""
      }
    }
    
  2. Set the behavior.json content to a variable.

    $Behavior = Get-Content -Raw behavior.json | ConvertFrom-JSON
    
  3. Get and set your property's rule tree to a variable.

    $Rules = Get-PropertyRuleTree -PropertyName "MyProperty" -PropertyVersion "latest"
    
  4. Add the new behavior.

    $Rules.rules.behaviors += $Behavior
    
  5. Update your property.

    $Rules | Set-PropertyRuleTree -PropertyName "MyProperty" -PropertyVersion "latest"
    
  6. Activate your property to apply the changes on a network.

    New-PropertyActivation -PropertyName "MyProperty" -PropertyVersion "latest" -Network "Staging" -NotifyEmails "jsmith@email.com"
    

Third-party certificates

To use a certificate from an external certificate authority, create a third-party enrollment and upload your certificate.

  1. Get your certificate signing request.

    Get-CPSCSR -EnrollmentID 12345 -ChangeID 9876543
    
    csrs
    ----
    
    {@{keyAlgorithm=RSA; csr=BEGIN CERTIFICATE REQUEST-----\n\n-----END CERTIFICATE REQUEST}
    
  2. Use your contract ID to send an enrollment object with all required parameters as a variable or JSON string in the new enrollment command. The response returns the enrollment and change management resource paths. Your enrollment and change IDs are in the paths. You'll need them for the next step.

    $body = @{
      ra = "third-party"
      validationType = "third-party"
      thirdParty = @{
        excludeSans = $true
      }
      certificateType = "third-party"
      networkConfiguration = @{
        geography = "core"
        secureNetwork = "standard-tls"
        sniOnly = $true
        quicEnabled = $false
        dnsNameSettings = @{
          cloneDnsNames = $true
        }
      }
      changeManagement = $true
      csr = @{
        cn = "example.enrollment.net"
        c = "US"
        st = "Cambridge"
        l = "Cambridge"
        o = "Akamai"
        sans = @(
          "example.enrollment.net"
        )
      }
      org = @{
        name = "Akamai"
        addressLineOne = "1234 Main Street"
        city = "Boston"
        region = "MA"
        postalCode = "02142"
        country = "US"
        phone = "(617) 555-1234"
      }
      adminContact = @{
        firstName = "John"
        lastName = "Smith"
        phone = "(617) 555-1234"
        email = "jsmith@example.com"
      }
      techContact = @{
        firstName = "John"
        lastName = "Smith"
        phone = "(617) 555-1234"
        email = "jsmith@example.com"
      }
      enableMultiStackedCertificates = $false
      signatureAlgorithm = "SHA-256"
    }
    
    New-CPSEnrollment -ContractID "ctr_C-0N7RAC7" -Body $body
    
    New-CPSEnrollment -ContractID "ctr_C-0N7RAC7" -Body '{"ra": "third-party", "validationType": "third-party", "thirdParty": {"excludeSans": true}, "certificateType": "third-party", "networkConfiguration": {"geography": "core", "secureNetwork": "standard-tls", "sniOnly": true, "quicEnabled": false, "dnsNameSettings": {"cloneDnsNames": true}}, "changeManagement": true, "csr": {"cn": "example.enrollment.net", "c": "US", "st": "Cambridge", "l": "Cambridge", "o": "Akamai", "sans": ["example.enrollment.net"]}, "org": {"name": "Akamai", "addressLineOne": "1234 Main Street", "city": "Boston", "region": "MA", "postalCode": "02142", "country": "US", "phone": "(617) 555-1234"}, "adminContact": {"firstName": "John", "lastName": "Smith", "phone": "(617) 555-1234", "email": "jsmith@example.com"}, "techContact": {"firstName": "John", "lastName": "Smith", "phone": "(617) 555-1234", "email": "jsmith@example.com"}, "enableMultiStackedCertificates": false, "signatureAlgorithm": "SHA-256"}'
    
  3. Use your enrollment and change IDs to add your certificate to your property. Possible values for KeyAlgorithm are RSA or ECDSA.

    Add-CPSThirdPartyCert -EnrollmentID 123456 -ChangeID 123456 -Certificate "--- BEGIN CERTIFICATE ------ END CERTIFICATE ---" -KeyAlgorithm RSA
    

Certificate renewal

Thirty days before your certificate expires, we'll contact you to begin the renewal process. This communication is followed by a notice 16 days before the expiry to let you know the renewal period is open. During the open period, your enrollment enters a change-in-progress state that you complete by adding your renewed certificate.

  1. Get your enrollment's change ID from the returned pendingChanges field.

    Get-CPSEnrollment -EnrollmentID 234567
    
    id                             : 234567
    productionSlots                : {}
    stagingSlots                   : {}
    assignedSlots                  : {}
    location                       : /cps/v2/enrollments/234567
    ra                             : third-party
    validationType                 : third-party
    certificateType                : third-party
    certificateChainType           : default
    networkConfiguration           : @{geography=core; secureNetwork=standard-tls; 
                                    mustHaveCiphers=ak-akamai-default; 
                                    preferredCiphers=ak-akamai-default; 
                                    disallowedTlsVersions=System.Object[]; sniOnly=True; 
                                    quicEnabled=False; dnsNameSettings=; ocspStapling=on; 
                                    clientMutualAuthentication=}
    signatureAlgorithm             : SHA-256
    changeManagement               : False
    csr                            : @{cn=example.enrollment2.net; c=US; st=Cambridge; l=Cambridge; 
                                    o=Akamai; ou=; sans=System.Object[]; 
                                    preferredTrustChain=dst-root-ca-x3}
    org                            : @{name=Akamai; addressLineOne=1234 Main Street; 
                                    addressLineTwo=; city=Cambridge; region=MA; 
                                    postalCode=02142; country=US; phone=+1-6175551234}
    orgId                          : 
    adminContact                   : @{firstName=John; lastName=Smith; phone=+1-6175551234; 
                                    email=jsmith@example.com; addressLineOne=; 
                                    addressLineTwo=; city=; country=; organizationName=; 
                                    postalCode=; region=; title=}
    techContact                    : @{firstName=John; lastName=Smith; phone=+1-6175551234; 
                                    email=jsmith@example.com; addressLineOne=; 
                                    addressLineTwo=; city=; country=; organizationName=; 
                                    postalCode=; region=; title=}
    thirdParty                     : 
    enableMultiStackedCertificates : False
    autoRenewalStartTime           : 
    pendingChanges                 : {@{location=/cps/v2/enrollments/234567/changes/901234; 
                                    changeType=new-certificate}}
    maxAllowedSanNames             : 100
    maxAllowedWildcardSanNames     : 25
    
  2. Use your enrollment and change IDs to add your certificate to your property. Possible values for KeyAlgorithm are RSA or ECDSA.

    Add-CPSThirdPartyCert -EnrollmentID 234567 -ChangeID 901234 -Certificate "--- BEGIN CERTIFICATE ------ END CERTIFICATE ---" -KeyAlgorithm RSA
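The renewal steps above with the change ID parsed from pendingChanges and the renewed certificate checked before upload, as an added example that is not Akamai's code. `Get-PendingChangeId`, `Test-RenewedCertificate` and the 30-day minimum validity are hypothetical, and a self-signed certificate generated in memory stands in for the one your CA issues (this needs PowerShell 7 or .NET Framework 4.7.2 and later).

```powershell
# Added example: derive -ChangeID and -KeyAlgorithm instead of typing them by hand.
# Both functions are hypothetical helpers, not cmdlets from the Akamai module.

function Get-PendingChangeId {
    param([Parameter(Mandatory)] [psobject] $Enrollment)

    # Per the parameter table, the last item in pendingChanges is the most recent change.
    $latest = @($Enrollment.pendingChanges) | Select-Object -Last 1
    if (-not $latest) {
        throw "Enrollment $($Enrollment.id) has no pending change to complete."
    }
    if ($latest.location -notmatch '^/cps/v2/enrollments/(?<enrollment>\d+)/changes/(?<change>\d+)$') {
        throw "Unexpected change location: $($latest.location)"
    }
    # Guard against pairing a change with the wrong enrollment.
    if ([int64]$Matches.enrollment -ne [int64]$Enrollment.id) {
        throw "Change belongs to enrollment $($Matches.enrollment), not $($Enrollment.id)."
    }
    [int64]$Matches.change
}

function Test-RenewedCertificate {
    param(
        [Parameter(Mandatory)]
        [System.Security.Cryptography.X509Certificates.X509Certificate2] $Certificate,
        [Parameter(Mandatory)] [string] $CommonName,
        [int] $MinDaysValid = 30   # assumption: reject a "renewed" certificate about to expire
    )

    $now = [DateTime]::Now         # NotBefore and NotAfter are reported in local time
    if ($Certificate.NotBefore -gt $now) {
        throw "Certificate is not valid until $($Certificate.NotBefore)."
    }
    if ($Certificate.NotAfter -lt $now.AddDays($MinDaysValid)) {
        throw "Certificate expires $($Certificate.NotAfter); this looks like the old certificate."
    }

    # The subject CN must match the CN the enrollment's CSR was created for.
    $subjectCn = $Certificate.GetNameInfo('SimpleName', $false)
    if ($subjectCn -ne $CommonName) {
        throw "Certificate CN '$subjectCn' does not match enrollment CN '$CommonName'."
    }

    # Map the public key OID to the values the page lists for -KeyAlgorithm.
    switch ($Certificate.PublicKey.Oid.Value) {
        '1.2.840.113549.1.1.1' { 'RSA' }     # rsaEncryption
        '1.2.840.10045.2.1'    { 'ECDSA' }   # id-ecPublicKey
        default { throw "Unsupported public key algorithm OID $_." }
    }
}

# Constructed stand-in for: $enrollment = Get-CPSEnrollment -EnrollmentID 234567
$enrollment = [pscustomobject]@{
    id             = 234567
    csr            = [pscustomobject]@{ cn = 'example.enrollment2.net' }
    pendingChanges = @(
        [pscustomobject]@{
            location   = '/cps/v2/enrollments/234567/changes/901234'
            changeType = 'new-certificate'
        }
    )
}

# Constructed stand-in for the CA-issued certificate: a self-signed RSA certificate.
# With a real file: [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($path)
$rsa  = [System.Security.Cryptography.RSA]::Create(2048)
$req  = [System.Security.Cryptography.X509Certificates.CertificateRequest]::new(
            'CN=example.enrollment2.net', $rsa,
            [System.Security.Cryptography.HashAlgorithmName]::SHA256,
            [System.Security.Cryptography.RSASignaturePadding]::Pkcs1)
$cert = $req.CreateSelfSigned([DateTimeOffset]::Now.AddDays(-1), [DateTimeOffset]::Now.AddDays(365))

$changeId     = Get-PendingChangeId -Enrollment $enrollment
$keyAlgorithm = Test-RenewedCertificate -Certificate $cert -CommonName $enrollment.csr.cn
"EnrollmentID=$($enrollment.id) ChangeID=$changeId KeyAlgorithm=$keyAlgorithm"

# $pem holds the PEM text of the CA-issued certificate.
# Add-CPSThirdPartyCert -EnrollmentID $enrollment.id -ChangeID $changeId -Certificate $pem -KeyAlgorithm $keyAlgorithm
```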
    

Update an enrollment

To update an existing enrollment, set an enrollment's output to a variable and make your changes.

  1. If you don't know your enrollment's ID, use the get enrollment command to return a list of your enrollments.

    Get-CPSEnrollment
    
    id                             : 123456
    productionSlots                : {112233}
    stagingSlots                   : {112233}
    assignedSlots                  : {112233}
    location                       : /cps/v2/enrollments/123456
    ra                             : lets-encrypt
    validationType                 : dv
    certificateType                : san
    certificateChainType           : default
    networkConfiguration           : @{geography=core; secureNetwork=enhanced-tls; 
                                    mustHaveCiphers=ak-akamai-default; 
                                    preferredCiphers=ak-akamai-default; 
                                    disallowedTlsVersions=System.Object[]; sniOnly=True; 
                                    quicEnabled=True; dnsNameSettings=; ocspStapling=on; 
                                    clientMutualAuthentication=}
    signatureAlgorithm             : SHA-256
    changeManagement               : False
    csr                            : @{cn=example.enrollment.net; c=US; st=Cambridge; l=Cambridge; 
                                    o=Akamai; ou=; sans=System.Object[]; 
                                    preferredTrustChain=dst-root-ca-x3}
    org                            : @{name=Akamai; addressLineOne=1234 Main Street; 
                                    addressLineTwo=; city=Cambridge; region=MA; 
                                    postalCode=02142; country=US; phone=+1-6175551234}
    orgId                          : 
    adminContact                   : @{firstName=John; lastName=Smith; phone=+1-6175551234; 
                                    email=jsmith@example.com; addressLineOne=; 
                                    addressLineTwo=; city=; country=; organizationName=; 
                                    postalCode=; region=; title=}
    techContact                    : @{firstName=John; lastName=Smith; phone=+1-6175551234; 
                                    email=jsmith@example.com; addressLineOne=; 
                                    addressLineTwo=; city=; country=; organizationName=; 
                                    postalCode=; region=; title=}
    thirdParty                     : 
    enableMultiStackedCertificates : False
    autoRenewalStartTime           : 12/31/2023 11:42:25 PM
    pendingChanges                 : {}
    maxAllowedSanNames             : 100
    maxAllowedWildcardSanNames     : 25
    
    id                             : 234567
    productionSlots                : {}
    stagingSlots                   : {}
    assignedSlots                  : {}
    location                       : /cps/v2/enrollments/234567
    ra                             : lets-encrypt
    validationType                 : dv
    certificateType                : san
    certificateChainType           : default
    networkConfiguration           : @{geography=core; secureNetwork=standard-tls; 
                                    mustHaveCiphers=ak-akamai-default; 
                                    preferredCiphers=ak-akamai-default; 
                                    disallowedTlsVersions=System.Object[]; sniOnly=True; 
                                    quicEnabled=False; dnsNameSettings=; ocspStapling=on; 
                                    clientMutualAuthentication=}
    signatureAlgorithm             : SHA-256
    changeManagement               : False
    csr                            : @{cn=example.enrollment2.net; c=US; st=Cambridge; l=Cambridge; 
                                    o=Akamai; ou=; sans=System.Object[]; 
                                    preferredTrustChain=dst-root-ca-x3}
    org                            : @{name=Akamai; addressLineOne=1234 Main Street; 
                                    addressLineTwo=; city=Cambridge; region=MA; 
                                    postalCode=02142; country=US; phone=+1-6175551234}
    orgId                          : 
    adminContact                   : @{firstName=John; lastName=Smith; phone=+1-6175551234; 
                                    email=jsmith@example.com; addressLineOne=; 
                                    addressLineTwo=; city=; country=; organizationName=; 
                                    postalCode=; region=; title=}
    techContact                    : @{firstName=John; lastName=Smith; phone=+1-6175551234; 
                                    email=jsmith@example.com; addressLineOne=; 
                                    addressLineTwo=; city=; country=; organizationName=; 
                                    postalCode=; region=; title=}
    thirdParty                     : 
    enableMultiStackedCertificates : False
    autoRenewalStartTime           : 
    pendingChanges                 : {@{location=/cps/v2/enrollments/234567/changes/901234; 
                                    changeType=new-certificate}}
    maxAllowedSanNames             : 100
    maxAllowedWildcardSanNames     : 25
    
  2. Assign the enrollment you want to a variable and make your changes.

    $MyEnrollment = Get-CPSEnrollment -EnrollmentID 123456
    $MyEnrollment.networkConfiguration.geography = "china+core"
    
  3. Use your enrollment ID to send your enrollment object as a variable or JSON string in the set enrollment command.

    Set-CPSEnrollment -EnrollmentID 123456 -Body $MyEnrollment
    

Akamai automatically verifies your domain and deploys it to both the staging and production networks when you set changeManagement to false.

If you would rather test on staging before deploying to production, set the value to true, run your tests, and then use the Set-CPSDeploymentSchedule cmdlet to deploy your certificate to the production network.

Delete enrollment

To delete an enrollment, send its ID in the remove enrollment command.

Remove-CPSEnrollment -EnrollmentID 123456