Guide
TrainingSupportCommunity

HTTP to HTTPS Upgrade

Suggest Edits

Convert HTTP requests from your clients to use secure HTTPS between the ​Akamai​ edge network and your origin server. This improves the security of the data transferred between the edge and your origin server.

How it works

A complete request flow involves three total entities:

  • The client making the request.
  • The ​Akamai​ edge server, where your property is read, and target content may be cached.
  • The origin server where the target content is actually hosted.

With this behavior added, all requests in the flow between the ​Akamai​ edge and your origin server are converted to HTTPS to secure them.

📘

Since TCP is stateful, an HTTP request from a client must be answered with an HTTP response. If your connection needs to be an HTTPS connection from end to end, consider implementing a redirect from the original HTTP URL to an HTTPS one.

Implementation

Follow these steps to set it up in your property:

  1. Prepare your origin server. This covers the various types of secure origin servers, and how to set them up.

  2. Add an origin server to your property. You need to use the Origin Server behavior to properly configure your origin in your property.

  3. Add this behavior to the same rule where you configured the Origin Server behavior. It has no options. By simply adding it, you've enabled the conversion.

Are you using NetStorage?

You don't need to perform the process above if you're using NetStorage as your origin server. ​Just add the HTTP to HTTPS Upgrade behavior to the same rule that contains the Origin Server behavior where you've set NetStorage as your origin. ​Akamai​ sets origin security automatically.

This uses Standard TLS (HTTPS L1)

If you want to use more secure Enhanced TLS to transfer personally identifiable information (PII), you need to prepare an Enhanced TLS certificate and apply it to your Property Hostname. You won't use this behavior.

There are multiple ways to do this:

  • The Custom Certificate method (Default). Here, you'll use ​Akamai​'s Certificate Provisioning System (CPS) to prepare the certificate, wait for it to provision, then you can apply it when you add a new property hostname.

  • The Default Certificate method (Limited Availability, only). This process lets you select this level of security when you add a property hostname, and ​Akamai​ automatically creates the certificate for you, in the background.

Port usage

This behavior uses a specific forward port, based on the delivery product in use:

  • Adaptive Media Delivery, Download Delivery, and Object Delivery. This uses whatever port you have configured for the HTTPS Port in the Ports options in the Origin Server behavior.

  • Akamai Cloud Embed. This uses port 443.

You'll need to make sure that the applicable port is available on your origin server.

Updated almost 2 years ago