Here, we'll set up a property using a custom certificate that we'll create to secure the connection between a requesting client and the Akamai network.
Make sure you get these things done before you start with this workflow.
- Determine the level of security. What level of security do you need to deliver your content to requesting clients? Have a look at Understand the levels of security to figure out if you need Enhanced or Standard TLS security.
- Set up authentication. To make calls through the various Akamai APIs available for this workflow, you need to authenticate using tokens you generate and apply in requests from your API client tool.
  - Property Manager API (PAPI). This is what you'll use to set up your property to deliver your traffic. You'll need to ensure that your authentication is set up for READ/WRITE access to PAPI.
  - Certificate Provisioning System (CPS) API. As a step in this workflow, you'll need to set up a certificate to secure the connection between clients requesting your content and the Akamai edge network. You can use an API for this process. You'll need to ensure that the access authentication for it is also set up for READ/WRITE access.
- Make sure you have write access to your primary DNS servers. You'll need to modify DNS records during the process.
- Get the IP address of your existing origin and create an A record in your DNS.
CPS is a separate Akamai utility you can use to generate a custom certificate using either Standard or Enhanced TLS security. All certificates are signed by a Certificate Authority that is known to be trusted by every major browser or operating system. When creating one, you need to set the domain name that clients use to access your site or asset as the common name (CN), or include it as a subject alternate name (SAN) in the certificate.
Have a look at the developer documentation for CPS for details.
You can also use a separate user interface in Control Center to create custom certificates. See the Certificate Provisioning System user documentation for instructions on this process. There are multiple phases of the process, and you need to apply specific settings:
- When you enter certificate information, you'll set your domain name as either the Common Name (CN) or a Subject Alternate Name (SAN). Make note of it, because you need this value later in the process.
- During the select network setting phase, set Deployment Network to the desired level of security, Standard TLS or Enhanced TLS.
- Set all other options for all other phases of the certificate creation process as desired.
Regardless of the tool you used, a certificate can take from 3 - 6 hours to provision, based on the level of security you've chosen. The email address set for the Control Center account that you used to create the certificate will receive an email when it's ready.
These identifiers specify what modules and features you'll be able to use in your property.
An edge hostname is used to process the request between a client and the Akamai edge network. Create your edge hostname using the domain name you set as the CN or SAN in your certificate:
CP codes track any web traffic handled by edge servers. Each property’s default rule needs a valid CP code to bill and report for the service.
Think of a property as a container for your product configuration. Set one up to control how your content is delivered.
Here, you map your property hostname to the edge hostname that you created, so that the edge servers can take over the client traffic from your origin.
Run this operation and locate your hostname, based on its "cnameFrom": "<your domain>". It needs to be active. Check for the status object in the response:
- The status value indicates that it's still being processed. Wait a while and try the operation again.
- There's no status object. The hostname is active. Review the response to confirm that the cnameFrom value is the correct domain for your site or resource, and store the cnameTo value for use later in the process.
In your DNS configuration, create a CNAME record and map your domain (cnameFrom) to the cnameTo value that you stored.
Get the baseline of your property's rule tree. It includes all of the default rules and behaviors that Akamai adds. What you'll get in the response varies depending on your Akamai product.
Provide necessary details for the top-level default rule. At a minimum, configure these mandatory behaviors in a rule:
You can optionally include any number of your own rules to customize content delivery. Rule trees are maintained in a special form of JSON that you can best edit and validate in the dedicated VS Code or Eclipse IDE plugins.
Make sure your JSON file is correct and complete before deploying it on edge servers. You need to resolve returned errors, as they block an activation, but you can activate a property version that yields less severe warnings. For more information, see Rule tree errors and warnings. Both VS Code and Eclipse plugins support full rule tree validation.
Push your updated JSON file back to the property.
With brand new setups, you only need to test your configuration on production. But, you can activate your property on both networks at the same time.
Make sure the activation was successful. The response should contain
Temporarily set up your local browser to target an edge server to access your property.
You need your edge hostname's actual IP address. Get it by running a command for your stored edge hostname. For example, assume the domain you set in your edge hostname was "example.com" and you're using a Standard TLS certificate that adds the edgesuite.net suffix to your hostname behind the scenes:
Mac OS, Linux, or Unix:
dig AAAA www.example.com.edgesuite.net
Navigate to your local hosts file in a text editor.
- Windows. You should be able to find your hosts file in:
- Mac OS, Linux, or Unix. You should be able to find your hosts file in:
At the end of the hosts file, add an entry for the actual domain to your website that includes the edge hostname's IP address.
Save and close your hosts file. Restart your browser to clear your DNS cache and verify that your site is working the way you expect.
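The hosts-file test above can also be run from a script: connect straight to the edge IP with your domain as the SNI name, then confirm that the certificate served covers that domain through a SAN or, when it has no DNS SANs, the CN. This is an added example, not part of Akamai's documentation; the function names and the sample certificate are constructed for illustration.

```python
import socket
import ssl

def name_matches(pattern: str, host: str) -> bool:
    """Compare one certificate name with a host name."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False  # a wildcard stands for exactly one label
    if p[0] == "*":
        # Only a whole left-most label may be a wildcard; refuse "*" and "*.tld".
        return len(p) >= 3 and p[1:] == h[1:]
    return p == h

def cert_covers(cert: dict, domain: str) -> bool:
    """cert is the dict form returned by ssl.SSLSocket.getpeercert()."""
    sans = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    if sans:
        # RFC 6125: when DNS SANs are present, the CN is not consulted.
        return any(name_matches(s, domain) for s in sans)
    cns = [v for rdn in cert.get("subject", ()) for k, v in rdn if k == "commonName"]
    return any(name_matches(c, domain) for c in cns)

def fetch_edge_cert(edge_ip: str, domain: str, port: int = 443) -> dict:
    """Handshake with the edge IP directly, sending `domain` as SNI."""
    ctx = ssl.create_default_context()  # chain is still validated against system roots
    ctx.check_hostname = False          # name coverage is evaluated by cert_covers()
    with socket.create_connection((edge_ip, port), timeout=10) as raw:
        with ctx.wrap_socket(raw, server_hostname=domain) as tls:
            return tls.getpeercert()

# Constructed sample in getpeercert() form; not a real certificate.
SAMPLE_CERT = {
    "subject": ((("commonName", "example.com"),),),
    "subjectAltName": (("DNS", "www.example.com"), ("DNS", "*.img.example.com")),
}

if __name__ == "__main__":
    for host in ("www.example.com", "example.com", "a.img.example.com"):
        print(host, cert_covers(SAMPLE_CERT, host))
    # Live check, using the address dig returned for your edge hostname:
    # cert = fetch_edge_cert("<edge IP>", "www.example.com")
    # print(cert_covers(cert, "www.example.com"))
```

In the sample, example.com is reported as not covered even though it is the CN, because the certificate carries DNS SANs and none of them is the bare domain.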
For more details on testing and activation, see Activate a property.
Start serving live traffic through the Akamai Edge Platform. Replace your existing CNAME record with a new one, setting its value to the Akamai edge hostname.
Remember to remove any entries from your local hosts file that you may have set up for testing. Now, you can restart your browser and do a smoke test of your website or application.