Create and provision a Cloud Certificate Manager (CCM) certificate when you add a hostname to a property to easily secure client request.

Property Manager enables you to bind CCM certificates to hostnames, configure mutual TLS (mTLS), and deploy secure configurations across Akamai's network.

📘

CCM certificate is in Limited Availability

To have this feature added to your contract, contact your Akamai representative.

Before you begin

In Property Manager, create a brand new property or edit an existing one.

Access Requirements

• Property Manager: Access to modify property configurations.
• Cloud Certificate Manager: Access to the product.
• CCM certificates: View and bind access to CCM certificates.
• CA sets: Access to Mutual Edge Truststore for mTLS configuration.
• EdgeGrid authentication: API access.

How to

1. In the Property Manager Editor, in the Property Hostnames panel, click +Hostnames>Add Hostname(s).
2. In the Add Hostname(s) field, enter the hostnames you want to use and click Next. The names don't need to contain https://, just the domain.

📘

You can add multiple hostnames by pasting them into the field. If you do, each value needs to be separated by a space or comma, or contained on separate lines. Duplicate names are skipped.

3. Select the CCM (Third party) option to use the certificate you previously created in Cloud Certificate Manager. If the Cloud Certificate Manager certificate doesn't appear in the list after refreshing it, verify group permissions for certificate access, ensure the certificate is READY_FOR_USE or ACTIVE, and make sure the Cloud Certificate Manager access is enabled for your account.

📘

You can also create a new certificate in Cloud Certificate Manager. Click Create new in CCM. See Create new certificate in the Cloud Certificate Manager documentation.

4. Choose at least one RSA or one ECDSA certificate. You can also choose certificates of both types.
5. Optional: To use the mTLS authentication toggle the Enable Mutual Authentication (mTLS) switch in the Mutual Authentication section. It shows the authentication options. Select the CA set and, if needed, toggle the switches to enable:

• Sending a Certificate Authority (CA) list to the clients.
• Online Certificate Status Protocol (OCSP) for enhanced security.

6. Optional: Enable Override the TLS Settings to manage:

• Cipher profile
• Disallowed TLS versions
• Online certificate status protocol (OSCP) stapling
• FIPS mode.

📘

CCM certificates are provisioned with TLS 1.2 and TLS 1.3, using the ak-akamai-2020q1 cipher profile and ak-akamai-2020q1-without-chachapoly1305.

7. Click Next.
8. Select the checkboxes next to property hostnames you want to configure edge hostnames for. You can apply your edge hostname settings to multiple property hostnames at the same time. You can either configure separate edge hostnames for each property hostname, or have property hostnames with CCM certificates share one common edge hostname.
9. Click Submit.
10. Review the information in the Success window and apply its instructions as required. Click Close.

You can view all details for hostnames in the Property Hostnames panel by expanding their corresponding rows.