Convert HTTP requests from your clients to use secure HTTPS between the Akamai edge network and your origin server. This improves the security of the data transferred between the edge and your origin server.
A complete request flow involves three total entities:
- The client making the request.
- The Akamai edge server, where your property is read, and target content may be cached.
- The origin server where the target content is actually hosted.
With this behavior added, all requests in the flow between the Akamai edge and your origin server are converted to HTTPS to secure them.
Since TCP is stateful, an HTTP request from a client must be answered with an HTTP response. If your connection needs to be an HTTPS connection from end to end, consider implementing a redirect from the original HTTP URL to an HTTPS one.
Follow these steps to set it up in your property:
Prepare your origin server. This covers the various types of secure origin servers, and how to set them up.
Add an origin server to your property. You need to use the Origin Server behavior to properly configure your origin in your property.
Add this behavior to the same rule where you configured the Origin Server behavior. It has no options. By simply adding it, you've enabled the conversion.
You don't need to perform the process above if you're using NetStorage as your origin server. Just add the HTTP to HTTPS Upgrade behavior to the same rule that contains the Origin Server behavior where you've set NetStorage as your origin. Akamai sets origin security automatically.
If you want to use more secure Enhanced TLS to transfer personally identifiable information (PII), you need to prepare an Enhanced TLS certificate and apply it to your Property Hostname. You won't use this behavior.
There are multiple ways to do this:
The Custom Certificate method (Default). Here, you'll use Akamai's Certificate Provisioning System (CPS) to prepare the certificate, wait for it to provision, then you can apply it when you add a new property hostname.
The Default Certificate method (Limited Availability, only). This process lets you select this level of security when you add a property hostname, and Akamai automatically creates the certificate for you, in the background.
This behavior uses a specific forward port, based on the delivery product in use:
Adaptive Media Delivery, Download Delivery, and Object Delivery. This uses whatever port you have configured for the HTTPS Port in the Ports options in the Origin Server behavior.
Akamai Cloud Embed. This uses port 443.
You'll need to make sure that the applicable port is available on your origin server.
Updated 8 months ago