Certificate Provisioning System API Data

This section details the most recent version of the CPS API’s various data objects.

Schemas

Acknowledgement

Encapsulates information needed to acknowledge an enrollment change.

Sample v1 object:

{
    "acknowledgement": "acknowledge"
}

Acknowledgement Members

Member Type Required Description
acknowledgement Enumeration String representing acknowledgement or denial for the state this Acknowledgement is submitted for. Possible enum values: acknowledge, deny.

AcknowledgementWithHash

Encapsulates information needed to acknowledge an enrollment change.

Sample v1 object:

{
    "acknowledgement": "acknowledge",
    "hash": "24fb6fb91d290370c13a39e76afc1b26"
}

AcknowledgementWithHash Members

Member Type Required Description
acknowledgement Enumeration String representing acknowledgement or denial for the state this Acknowledgement is submitted for. Possible enum values: acknowledge, deny.
hash String A hash is the state that this request acknowledges. You use this when you want to be explicit about what state you’re acknowledging in order to prevent race conditions, such as when the state changes while the acknowledgement POST operation is in progress.

Certificate

A digital certificate contains an electronic document that includes a company’s identification information (such as the name of the company and address), a public key, and the digital signature of a certification authority (CA) based on that certification authority’s private key. Digital certificates are verified using a chain of trust, which is a certificate hierarchy that allows individuals to verify the validity of a certificate’s issuer.

Sample v1 object:

{
    "certificate": "-----BEGIN CERTIFICATE-----\nMIID2DCCAsCgAwIBAgIQ661To2+zTDiFLyyARAaFXTANBgkqhkiG9w0BAQsFADBn\nMSowKAYDVQQDDCFBS0FNQUkgVEVTVCBJTlRFUk1FRElBVEUgQ0VSVCBbMV0xDjAM\nBgNVBAsMBVdlYkV4MQ8wDQYDVQQKDAZBa2FtYWkxCzAJBgNVBAgMAk1BMQswCQYD\nVQQGEwJVUzAeFw0xNzA1MTgyMTEwMTFaFw0xODA1MTkyMTEwMTFaMG0xHDAaBgNV\nBAMME3d3dy5jcHMtZXhhbXBsZS5jb20xCzAJBgNVBAYTAlVTMQswCQYDVQQIDAJN\nQTESMBAGA1UEBwwJQ2FtYnJpZGdlMQ8wDQYDVQQKDAZBa2FtYWkxDjAMBgNVBAsM\nBVdlYkV4MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvQeIJ2yfOC8P\nYQp6NjiCYSCkuS0z9a61v+k+KTDYQKIa8jDkwP0OITzvTnjMHuUd8JbSz5jNb22Z\nWxH/1F2p71rlSdBReBkZGLMLcQZPt5ju7ea7ZPz+MOWrwuc6YUafRMQk3qMeo3Sz\nIZQbmLKXkZeYriqy9s9yHJSUnWX1jOa51w6YM/Xar/2pZp2pyguaCNVGp7AAo38R\nAepaGcFwyjJse6dc+7dHOvDnjQ+Cg2lO8DSc12sFLllOhdOULldZRWbtfTLs9uet\niR8ZVpHJ1TtzEz3X9RqBBCvnqykQvMmiQKOkfYEd6LN4Tk6/HJw2/MZhIgAEXtUU\ndQMnD6OMcwIDAQABo3oweDB2BgNVHREEbzBtghRzYW4xLmNwcy1leGFtcGxlLmNv\nbYIUc2FuMi5jcHMtZXhhbXBsZS5jb22CFHNhbjMuY3BzLWV4YW1wbGUuY29tghRz\nYW40LmNwcy1leGFtcGxlLmNvbYITd3d3LmNwcy1leGFtcGxlLmNvbTANBgkqhkiG\n9w0BAQsFAAOCAQEAm9krrTxqDwUaO8J7P7CcrHfwXeWiDG3d9uHqCvHRGrcs46pI\ny8umThgOEba0QHi6CwM6O0+chcHsn6qf+uVKg2u1SKlE6qMIJ1Ppc8MJky1xo0M5\ncrtRpSXjaoF9S2zZZK1lwOJoK93BtC/lNfRc682TxlQ58jtBI6qnmLXUhF8Yo67v\n0UfHiBIv1pZFPIdk90/48vjWM54haNxm/PhxNb6AdzawR4zImUhMKsISP7uOTURQ\nfFfeNgMvHyI8Id1VPLN+e2y4FtnTVdW2e+PTBvOJ1M+YoFU7M04/2SmKJHqnHljh\nVQBpto9JgDmt0yqsdFdLrZlpsIQwpLqdgKZlSw==\n-----END CERTIFICATE-----",
    "trustChain": "-----BEGIN CERTIFICATE-----\nMIIDTDCCAjQCEB1FmMGD0kjutSE218ho23wwDQYJKoZIhvcNAQELBQAwYjElMCMG\nA1UEAwwcd3d3LkNQUy1Ba2FtYWktVGVzdC1Sb290LmNvbTEOMAwGA1UECwwFV2Vi\nRXgxDzANBgNVBAoMBkFrYW1haTELMAkGA1UECAwCTUExCzAJBgNVBAYTAlVTMB4X\nDTE3MDUxODIxMTAxMVoXDTE4MDUxOTIxMTAxMVowZzELMAkGA1UEBhMCVVMxCzAJ\nBgNVBAgMAk1BMQ8wDQYDVQQKDAZBa2FtYWkxDjAMBgNVBAsMBVdlYkV4MSowKAYD\nVQQDDCFBS0FNQUkgVEVTVCBJTlRFUk1FRElBVEUgQ0VSVCBbMV0wggEiMA0GCSqG\nSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCyxuHi0zL03f+3ZTKLV1lMHvS2LkUwCKEd\nApJw/v+yPPBTuamvikHQ8L5QM1p7BevavdeBMUAoGGXXQkrRtotCkL4S6N9cgH47\n+cUeXCT0D2BaOkR15N7qDVtkYeAtC7eKUI7+j99iZXAFr8Nel9wqNn/9804HyF+F\nZ/YS5oPBuJVGcTQhd8bmUx5wBgr3n6EhqvOHEEAa5whb5PoP/hFi0xO0SFG/LA/+\nK2NMvaE/9Y9j48/ONAFavf80s/y55SudZyBsjowtnZLIeJ4bM6nCN5DMAljH5U3O\nPFjSFKlbPxQgIcP9wLbQTV6b47tNK8c9jPg+U4jK2xtncJ2ijxSXAgMBAAEwDQYJ\nKoZIhvcNAQELBQADggEBACVVWGcirfBhkDwIuNELh1rzKPmhxwhx9hAsYz2B2FDn\n7q82c85hXLfFSZ/9I3bzotVDh4YucCV+vxUXQcYt5tEDbg96uHNzRzXQUTdJSNIe\nbQ5Yn86ELLrzaXAD3+t6ztj8Z9dIVfG7LrAOg3UX5GjfEUrjNfZaiiUcBqLKibJ5\nOqOJcPlbjKZ1kOqrCqlOugcQrZPgpzHkwssUR7v0VtHBHWnzjDTGaMXmvy1LsULA\n3N35SDGFI/Zpw56R4z95UwpmDYg3IKwAGY8XL/oMqTORWyYDUpy1dpcAln5HcZK3\nthju6KdIwCwmthk1iIUAri6avIrh7Mg2SHFho/4p5mA=\n-----END CERTIFICATE-----\n-----BEGIN CERTIFICATE-----\nMIIDQzCCAi0CEO7lWBUwDEEclty6iX7gCMcwCwYJKoZIhvcNAQELMGIxCzAJBgNV\nBAYTAlVTMQswCQYDVQQIDAJNQTEPMA0GA1UECgwGQWthbWFpMQ4wDAYDVQQLDAVX\nZWJFeDElMCMGA1UEAwwcd3d3LkNQUy1Ba2FtYWktVGVzdC1Sb290LmNvbTAeFw0x\nNzA1MTgyMTEwMTFaFw0yMjA1MTgyMTEwMTFaMGIxCzAJBgNVBAYTAlVTMQswCQYD\nVQQIDAJNQTEPMA0GA1UECgwGQWthbWFpMQ4wDAYDVQQLDAVXZWJFeDElMCMGA1UE\nAwwcd3d3LkNQUy1Ba2FtYWktVGVzdC1Sb290LmNvbTCCASIwDQYJKoZIhvcNAQEB\nBQADggEPADCCAQoCggEBAJCbd5QpPJr0I48G4VE0JF5N719Wsspc8lEEgf2oM4BL\n6pAyxU6hm8YzSfCx/NBpU2MYMa96FDoYWUVfj4iilpV4IpLdsDtXjMJ2fnVXP4iI\n9n5EhF3oKGx2bAgBKpXIWXwPo3fqg/MGsdwIgrYyab3xJuwHP3V/2MSxzcHpxQrU\nE8jaemBXv6v0oTx50Ph0zJP+wYwvaDf+KVFzM3E42Ww9VLuP3lt5RAtasNctqlRr\nSlpH3RrZ0Gkpmz6xGr2LvLw12nkTylws/bafCSFAs7+x2ip6pP3yEaYxKdMpeOIE\nWaVU1RsJiWVYgq+b6gc9wrRpfZLyJYdAa50DuEv8jm0CAwEAATALBgkqhkiG9w0B\nAQsDggEBAFbv9+6pQBXDiFOxoYmu1/xiI1/mSGqooJtzNZjoni6HsruGxSqRbbKa\n3GdaPVInZwWY7p8T1RM8+YDTrRrjbfRuRPqdgUBv8iDbcldJNXsqD1CylxLi0lul\ndnHgQD9TmcrTs3ELeT277PE2f8AX3YjhYK8IIGBmDomc1KRTka3nZtexIwfiEQJr\nRzsFL+1vwPoSJFKb1NzeOGikkPNmipQvYKGY9A/q2XeqrEWKGHizPwvcIu7EC8wL\nRooQ3ztqAV3Wul5dI5+AEE8WQzUyzCq7BEgOgNaX403g8An5QueSjhogbYdRd3BM\n+OWJc8qePy3KgqY44s3kbrPR6sJuAIQ=\n-----END CERTIFICATE-----"
}

Certificate Members

Member Type Required Description
certificate String The certificate text.
trustChain String, Null The trust chain text. You may have no trust chains or multiple trust chains.

Change

Any change that you want to make to the network deployment of an enrollment.

Sample v1 object:

{
    "statusInfo": {
        "status": "wait-upload-third-party",
        "state": "awaiting-input",
        "description": "Waiting for you to upload and submit your third party certificate and trust chain.",
        "deploymentSchedule": {
            "notBefore": null,
            "notAfter": null
        },
        "error": null
    },
    "allowedInput": [
        {
            "type": "third-party-certificate",
            "requiredToProceed": true,
            "info": "/cps/v2/enrollments/10002/changes/10002/input/info/third-party-csr",
            "update": "/cps/v2/enrollments/10002/changes/10002/input/update/third-party-cert-and-trust-chain"
        }
    ]
}

Change Members

Member Type Required Description
allowedInput Change.allowedInput[n] The resource locations (path) of data inputs allowed by this change. These could be required or optional for this change to proceed.
statusInfo Change.statusInfo The status for this Change at this time.

Change.allowedInput[n]  

The resource locations (path) of data inputs allowed by this change. These could be required or optional for this change to proceed.

Member Type Required Description
info String The resource location for the description of the allowed input.
requiredToProceed Boolean If true, this input is required for the Change to proceed.
type String The type input. For more information see the Overview.
update String The resource location that you can use to make a call for this input.

Change.statusInfo  

The status for this Change at this time.

Member Type Required Description
deploymentSchedule Change.statusInfo.deploymentSchedule The schedule for when you want this change deploy.
description String A description of the current status of the change.
error Change.statusInfo.error, Null Error information for this change.
state String The current sub-state of the change. It represents detailed information regarding to the status of the change, such is if the change is in progress, in error state, awaiting user input, and so on.
status String The general status of the change. This is a high level of description of the status for the change.

Change.statusInfo.deploymentSchedule  

The schedule for when you want this change deploy.

Member Type Required Description
notAfter String, Null Do not deploy the certificate after this date.
notBefore String, Null Do not deploy the certificate before this date.

Change.statusInfo.error  

Error information for this change.

Member Type Required Description
code String The unique identifier code for this error.
description String The detailed description for this error.
timestamp String The timestamp of the occurrence for this error.

ChangeManagement

After you create an enrollment, you can have CPS halt deployment when the certificate becomes available, so that you can test and view the certificate on a staging server prior to deployment in the production network. If you do not want CPS to automatically deploy the certificate to the production network after it receives the signed certificate from the CA, you can turn change management on for the enrollment. This stops CPS from deploying the certificate to the network until you acknowledge that you are ready to deploy the certificate.

Sample v2 object:

{
    "acknowledgementDeadline": null,
    "pendingState": {
        "pendingCertificate": {
            "certificateType": "third-party",
            "signatureAlgorithm": "SHA-256",
            "fullCertificate": "-----BEGIN CERTIFICATE-----\nMIID2DCCAsCgAwIBAgIQ661To2+zTDiFLyyARAaFXTANBgkqhkiG9w0BAQsFADBn\nMSowKAYDVQQDDCFBS0FNQUkgVEVTVCBJTlRFUk1FRElBVEUgQ0VSVCBbMV0xDjAM\nBgNVBAsMBVdlYkV4MQ8wDQYDVQQKDAZBa2FtYWkxCzAJBgNVBAgMAk1BMQswCQYD\nVQQGEwJVUzAeFw0xNzA1MTgyMTEwMTFaFw0xODA1MTkyMTEwMTFaMG0xHDAaBgNV\nBAMME3d3dy5jcHMtZXhhbXBsZS5jb20xCzAJBgNVBAYTAlVTMQswCQYDVQQIDAJN\nQTESMBAGA1UEBwwJQ2FtYnJpZGdlMQ8wDQYDVQQKDAZBa2FtYWkxDjAMBgNVBAsM\nBVdlYkV4MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvQeIJ2yfOC8P\nYQp6NjiCYSCkuS0z9a61v+k+KTDYQKIa8jDkwP0OITzvTnjMHuUd8JbSz5jNb22Z\nWxH/1F2p71rlSdBReBkZGLMLcQZPt5ju7ea7ZPz+MOWrwuc6YUafRMQk3qMeo3Sz\nIZQbmLKXkZeYriqy9s9yHJSUnWX1jOa51w6YM/Xar/2pZp2pyguaCNVGp7AAo38R\nAepaGcFwyjJse6dc+7dHOvDnjQ+Cg2lO8DSc12sFLllOhdOULldZRWbtfTLs9uet\niR8ZVpHJ1TtzEz3X9RqBBCvnqykQvMmiQKOkfYEd6LN4Tk6/HJw2/MZhIgAEXtUU\ndQMnD6OMcwIDAQABo3oweDB2BgNVHREEbzBtghRzYW4xLmNwcy1leGFtcGxlLmNv\nbYIUc2FuMi5jcHMtZXhhbXBsZS5jb22CFHNhbjMuY3BzLWV4YW1wbGUuY29tghRz\nYW40LmNwcy1leGFtcGxlLmNvbYITd3d3LmNwcy1leGFtcGxlLmNvbTANBgkqhkiG\n9w0BAQsFAAOCAQEAm9krrTxqDwUaO8J7P7CcrHfwXeWiDG3d9uHqCvHRGrcs46pI\ny8umThgOEba0QHi6CwM6O0+chcHsn6qf+uVKg2u1SKlE6qMIJ1Ppc8MJky1xo0M5\ncrtRpSXjaoF9S2zZZK1lwOJoK93BtC/lNfRc682TxlQ58jtBI6qnmLXUhF8Yo67v\n0UfHiBIv1pZFPIdk90/48vjWM54haNxm/PhxNb6AdzawR4zImUhMKsISP7uOTURQ\nfFfeNgMvHyI8Id1VPLN+e2y4FtnTVdW2e+PTBvOJ1M+YoFU7M04/2SmKJHqnHljh\nVQBpto9JgDmt0yqsdFdLrZlpsIQwpLqdgKZlSw==\n-----END CERTIFICATE-----"
        },
        "pendingNetworkConfiguration": {
            "networkType": null,
            "mustHaveCiphers": "ak-akamai-default2016q3",
            "preferredCiphers": "ak-akamai-default",
            "disallowedTlsVersions" : [ "TLSv1_2" ],
            "sni": null
        }
    },
    "validationResult": null,
    "validationResult" : {
      "warnings" : [ {
        "messageCode" : "no-code",
        "message" : "[SAN name [san9.example.com] removed from certificate is still live on the network., SAN name [san8.example.com] removed from certificate is still live on the network.]"
      } ],
      "errors" : null
    },
    "validationResultHash" : "da39a3ee5e6b4b0d3255bfef95601890afd80709"
}

ChangeManagement Members

Member Type Required Description
acknowledgementDeadline String, Null The timestamp of the deadline for the user to acknowledge the change management validation result, before CPS automatically proceeds with attempting to deploy the pending state to the live network. The format of the timestamp is ISO–8601. This field is only populated when there’s an existing certificate on network for the current enrollment, it’s null otherwise.
pendingState ChangeManagement.pendingState The snapshot of the pending state for the enrollment when this change takes effect.
validationResult ChangeManagement.validationResult, Null The hash of validationResult. It always has a value, even when validationResult is null. The hash result of the validation result as of the time of the most recent validation check. It is used in the change-management-ack API call to further specify the state of the change that is being acknowledged. We recommend you use the change-management-info API call, review the validationResult with its hash, and then acknowledge change-management using the same hash retrieved when running the Change Management Acknowledgement operation.
validationResultHash String The hash of validationResult.

ChangeManagement.pendingState  

The snapshot of the pending state for the enrollment when this change takes effect.

Member Type Required Description
pendingCertificate ChangeManagement.pendingState.pendingCertificate, Null The snapshot of the pending certificate for the enrollment when this change takes effect.
pendingNetworkConfiguration ChangeManagement.pendingState.pendingNetworkConfiguration The snapshot of the pending network configuration for the enrollment when this change takes effect.

ChangeManagement.pendingState.pendingCertificate  

The snapshot of the pending certificate for the enrollment when this change takes effect.

Member Type Required Description
certificateType Enumeration Either san, single, wildcard, wildcard-san, or third-party.
fullCertificate String Displays the contents of the certificate.
signatureAlgorithm String Displays the signature algorithm.

ChangeManagement.pendingState.pendingNetworkConfiguration  

The snapshot of the pending network configuration for the enrollment when this change takes effect.

Member Type Required Description
disallowedTlsVersions Array, Null Use Akamai Defaults if not specified, CPS uses the TLS protocols that Akamai currently supports as a best practice. If you specify Enable all TLS versions, CPS allows the use of any TLS protocols, including any future TLS protocols. If you specify Disable Specific TLS Versions, you specify the TLS protocols that you do not want to allow. You can specify TLSv1_0, TLSv1_1, and TLSv1_2. You must specify at least one protocol.
mustHaveCiphers String Ciphers that you definitely want to include for your enrollment while deploying it on the network. Defaults to ak-akamai-default when it is not set.
networkType Enumeration, Null Type of the network that you want to deploy your certificate in. It is either standard-worldwide or worldwide.
preferredCiphers String Ciphers that you preferably want to include for your enrollment while deploying it on the network. Defaults to ak-akamai-default when it is not set.
sni ChangeManagement.pendingState.pendingNetworkConfiguration.sni, Null SNI settings for your enrollment. When set to null, the enrollment becomes NON-SNI. When it is non-null, enrollment is SNI-ONLY. This setting can not be changed once an enrollment is created.

ChangeManagement.pendingState.pendingNetworkConfiguration.sni  

SNI settings for your enrollment. When set to null, the enrollment becomes NON-SNI. When it is non-null, enrollment is SNI-ONLY. This setting can not be changed once an enrollment is created.

Member Type Required Description
cloneDnsNames Boolean Set to true, if you want CPS to directs traffic using all the SANs listed in the the SANs parameter when you created your enrollment.
dnsNames Array, Null Names served by SNI-only enabled enrollments.

ChangeManagement.validationResult  

The hash of validationResult. It always has a value, even when validationResult is null. The hash result of the validation result as of the time of the most recent validation check. It is used in the change-management-ack API call to further specify the state of the change that is being acknowledged. We recommend you use the change-management-info API call, review the validationResult with its hash, and then acknowledge change-management using the same hash retrieved when running the Change Management Acknowledgement operation.

Member Type Required Description
errors ChangeManagement.validationResult.errors[n] Validation errors of the current job state. Errors prevent a change from proceeding until you resolve them. They are optional and only appear if there are any errors.
warnings ChangeManagement.validationResult.warnings[n] Validation warnings of the current job state. Warnings suspend the execution of a change. You can acknowledge or deny warnings. If you acknowledge them, the change proceeds with its operation. They are optional and only appear if there are any warnings.

ChangeManagement.validationResult.errors[n]  

Validation errors of the current job state. Errors prevent a change from proceeding until you resolve them. They are optional and only appear if there are any errors.

Member Type Required Description
message String The description of the message.
messageCode String The unique code of the message.

ChangeManagement.validationResult.warnings[n]  

Validation warnings of the current job state. Warnings suspend the execution of a change. You can acknowledge or deny warnings. If you acknowledge them, the change proceeds with its operation. They are optional and only appear if there are any warnings.

Member Type Required Description
message String The description of the message.
messageCode String The unique code of the message.

CSR

Certificate Signing Request (CSR).

Sample v1 object:

{
    "csr": "-----BEGIN CERTIFICATE REQUEST-----\nMIIDPTCCAiUCAQAwbTELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAk1BMRIwEAYDVQQH\nEwlDYW1icmlkZ2UxDzANBgNVBAoTBkFrYW1haTEOMAwGA1UECxMFV2ViRXgxHDAa\nBgNVBAMTE3d3dy5jcHMtZXhhbXBsZS5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IB\nDwAwggEKAoIBAQC9B4gnbJ84Lw9hCno2OIJhIKS5LTP1rrW/6T4pMNhAohryMOTA\n/Q4hPO9OeMwe5R3wltLPmM1vbZlbEf/UXanvWuVJ0FF4GRkYswtxBk+3mO7t5rtk\n/P4w5avC5zphRp9ExCTeox6jdLMhlBuYspeRl5iuKrL2z3IclJSdZfWM5rnXDpgz\n9dqv/almnanKC5oI1UansACjfxEB6loZwXDKMmx7p1z7t0c68OeND4KDaU7wNJzX\nawUuWU6F05QuV1lFZu19Muz2562JHxlWkcnVO3MTPdf1GoEEK+erKRC8yaJAo6R9\ngR3os3hOTr8cnDb8xmEiAARe1RR1AycPo4xzAgMBAAGggYowgYcGCSqGSIb3DQEJ\nDjF6MHgwdgYDVR0RBG8wbYIUc2FuMS5jcHMtZXhhbXBsZS5jb22CFHNhbjIuY3Bz\nLWV4YW1wbGUuY29tghRzYW4zLmNwcy1leGFtcGxlLmNvbYIUc2FuNC5jcHMtZXhh\nbXBsZS5jb22CE3d3dy5jcHMtZXhhbXBsZS5jb20wDQYJKoZIhvcNAQELBQADggEB\nADcmMlTs0MFgiVZFN7GlTy2C4R9hbywRaNSsKZmdTrargt7zrVJH4E9XJ2joBi2v\nrDP4dXuf+lSY5UTMBADVLLySHXRFvmppO+xaT9fyRLbIZ/JfKrlfq/2rZfwg5ET6\nAoHHm/JcbAD12ZPfM52AqEuZbADYnXHBvPIy6iCvmVkRiXmRgKExpl2/0uDfzmEG\nrVkHCkPNsOrcq00OFX9eCPOi7/UPmqI+gaHEJBMV99e0rgLPibwqMTVKwDVCQKdD\n/0iHvFXUYn2w96LxqN8I41aSrEAbJ3kXSN4CywYxzlPqHcDlmZWoShVHQ5mZonkC\nDkjCfMEQRP5YaQcbHMhA9jc=\n-----END CERTIFICATE REQUEST-----"
}

CSR Members

Member Type Required Description
csr String, Null String with PEM formatted CSR.

DeploymentSchedule

If you want CPS to automatically deploy your certificate, but you do not want the deployment to occur before a certain date and time, you can set a deploy after date. You can only set a deploy after date and time for the renewal of a certificate or for a certificate that is active on the network. The certificate may not deploy the certificate at the exact time and date you specify, but it will not deploy it before that time and date.

Sample v1 object:

{
    "notBefore": "2017-05-19T16:00:00Z",
    "notAfter": null
}

DeploymentSchedule Members

Member Type Required Description
notAfter String, Null The time after when the change will no longer be in effect. This value is an ISO–8601 timestamp.
notBefore String, Null The time that you want change to take effect. If you do not set this, the change occurs immediately, although most changes take some time to take effect even when they are immediately effective. This value is an ISO–8601 timestamp.

Deployment

Deploys your certificate to a network.

Sample v3 object:

{
    "networkConfiguration": {
        "geography": "standard-worldwide",
        "secureNetwork": "enhanced-tls",
        "mustHaveCiphers": "ak-akamai-default2016q3",
        "preferredCiphers": "ak-akamai-default",
        "disallowedTlsVersions": [],
        "sni": {
            "cloneDnsNames": true,
            "dnsNames": [
                "san2.example.com",
                "san1.example.com"
            ]
        }
    },
    "signatureAlgorithm": "SHA-256",
    "certificate": "-----BEGIN CERTIFICATE-----\nMIID2DCCAsCgAwIBAgIQ661To2+zTDiFLyyARAaFXTANBgkqhkiG9w0BAQsFADBn\nMSowKAYDVQQDDCFBS0FNQUkgVEVTVCBJTlRFUk1FRElBVEUgQ0VSVCBbMV0xDjAM\nBgNVBAsMBVdlYkV4MQ8wDQYDVQQKDAZBa2FtYWkxCzAJBgNVBAgMAk1BMQswCQYD\nVQQGEwJVUzAeFw0xNzA1MTgyMTEwMTFaFw0xODA1MTkyMTEwMTFaMG0xHDAaBgNV\nBAMME3d3dy5jcHMtZXhhbXBsZS5jb20xCzAJBgNVBAYTAlVTMQswCQYDVQQIDAJN\nQTESMBAGA1UEBwwJQ2FtYnJpZGdlMQ8wDQYDVQQKDAZBa2FtYWkxDjAMBgNVBAsM\nBVdlYkV4MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvQeIJ2yfOC8P\nYQp6NjiCYSCkuS0z9a61v+k+KTDYQKIa8jDkwP0OITzvTnjMHuUd8JbSz5jNb22Z\nWxH/1F2p71rlSdBReBkZGLMLcQZPt5ju7ea7ZPz+MOWrwuc6YUafRMQk3qMeo3Sz\nIZQbmLKXkZeYriqy9s9yHJSUnWX1jOa51w6YM/Xar/2pZp2pyguaCNVGp7AAo38R\nAepaGcFwyjJse6dc+7dHOvDnjQ+Cg2lO8DSc12sFLllOhdOULldZRWbtfTLs9uet\niR8ZVpHJ1TtzEz3X9RqBBCvnqykQvMmiQKOkfYEd6LN4Tk6/HJw2/MZhIgAEXtUU\ndQMnD6OMcwIDAQABo3oweDB2BgNVHREEbzBtghRzYW4xLmNwcy1leGFtcGxlLmNv\nbYIUc2FuMi5jcHMtZXhhbXBsZS5jb22CFHNhbjMuY3BzLWV4YW1wbGUuY29tghRz\nYW40LmNwcy1leGFtcGxlLmNvbYITd3d3LmNwcy1leGFtcGxlLmNvbTANBgkqhkiG\n9w0BAQsFAAOCAQEAm9krrTxqDwUaO8J7P7CcrHfwXeWiDG3d9uHqCvHRGrcs46pI\ny8umThgOEba0QHi6CwM6O0+chcHsn6qf+uVKg2u1SKlE6qMIJ1Ppc8MJky1xo0M5\ncrtRpSXjaoF9S2zZZK1lwOJoK93BtC/lNfRc682TxlQ58jtBI6qnmLXUhF8Yo67v\n0UfHiBIv1pZFPIdk90/48vjWM54haNxm/PhxNb6AdzawR4zImUhMKsISP7uOTURQ\nfFfeNgMvHyI8Id1VPLN+e2y4FtnTVdW2e+PTBvOJ1M+YoFU7M04/2SmKJHqnHljh\nVQBpto9JgDmt0yqsdFdLrZlpsIQwpLqdgKZlSw==\n-----END CERTIFICATE-----",
    "trustChain": "-----BEGIN CERTIFICATE-----\nMIIDTDCCAjQCEB1FmMGD0kjutSE218ho23wwDQYJKoZIhvcNAQELBQAwYjElMCMG\nA1UEAwwcd3d3LkNQUy1Ba2FtYWktVGVzdC1Sb290LmNvbTEOMAwGA1UECwwFV2Vi\nRXgxDzANBgNVBAoMBkFrYW1haTELMAkGA1UECAwCTUExCzAJBgNVBAYTAlVTMB4X\nDTE3MDUxODIxMTAxMVoXDTE4MDUxOTIxMTAxMVowZzELMAkGA1UEBhMCVVMxCzAJ\nBgNVBAgMAk1BMQ8wDQYDVQQKDAZBa2FtYWkxDjAMBgNVBAsMBVdlYkV4MSowKAYD\nVQQDDCFBS0FNQUkgVEVTVCBJTlRFUk1FRElBVEUgQ0VSVCBbMV0wggEiMA0GCSqG\nSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCyxuHi0zL03f+3ZTKLV1lMHvS2LkUwCKEd\nApJw/v+yPPBTuamvikHQ8L5QM1p7BevavdeBMUAoGGXXQkrRtotCkL4S6N9cgH47\n+cUeXCT0D2BaOkR15N7qDVtkYeAtC7eKUI7+j99iZXAFr8Nel9wqNn/9804HyF+F\nZ/YS5oPBuJVGcTQhd8bmUx5wBgr3n6EhqvOHEEAa5whb5PoP/hFi0xO0SFG/LA/+\nK2NMvaE/9Y9j48/ONAFavf80s/y55SudZyBsjowtnZLIeJ4bM6nCN5DMAljH5U3O\nPFjSFKlbPxQgIcP9wLbQTV6b47tNK8c9jPg+U4jK2xtncJ2ijxSXAgMBAAEwDQYJ\nKoZIhvcNAQELBQADggEBACVVWGcirfBhkDwIuNELh1rzKPmhxwhx9hAsYz2B2FDn\n7q82c85hXLfFSZ/9I3bzotVDh4YucCV+vxUXQcYt5tEDbg96uHNzRzXQUTdJSNIe\nbQ5Yn86ELLrzaXAD3+t6ztj8Z9dIVfG7LrAOg3UX5GjfEUrjNfZaiiUcBqLKibJ5\nOqOJcPlbjKZ1kOqrCqlOugcQrZPgpzHkwssUR7v0VtHBHWnzjDTGaMXmvy1LsULA\n3N35SDGFI/Zpw56R4z95UwpmDYg3IKwAGY8XL/oMqTORWyYDUpy1dpcAln5HcZK3\nthju6KdIwCwmthk1iIUAri6avIrh7Mg2SHFho/4p5mA=\n-----END CERTIFICATE-----\n-----BEGIN CERTIFICATE-----\nMIIDQzCCAi0CEO7lWBUwDEEclty6iX7gCMcwCwYJKoZIhvcNAQELMGIxCzAJBgNV\nBAYTAlVTMQswCQYDVQQIDAJNQTEPMA0GA1UECgwGQWthbWFpMQ4wDAYDVQQLDAVX\nZWJFeDElMCMGA1UEAwwcd3d3LkNQUy1Ba2FtYWktVGVzdC1Sb290LmNvbTAeFw0x\nNzA1MTgyMTEwMTFaFw0yMjA1MTgyMTEwMTFaMGIxCzAJBgNVBAYTAlVTMQswCQYD\nVQQIDAJNQTEPMA0GA1UECgwGQWthbWFpMQ4wDAYDVQQLDAVXZWJFeDElMCMGA1UE\nAwwcd3d3LkNQUy1Ba2FtYWktVGVzdC1Sb290LmNvbTCCASIwDQYJKoZIhvcNAQEB\nBQADggEPADCCAQoCggEBAJCbd5QpPJr0I48G4VE0JF5N719Wsspc8lEEgf2oM4BL\n6pAyxU6hm8YzSfCx/NBpU2MYMa96FDoYWUVfj4iilpV4IpLdsDtXjMJ2fnVXP4iI\n9n5EhF3oKGx2bAgBKpXIWXwPo3fqg/MGsdwIgrYyab3xJuwHP3V/2MSxzcHpxQrU\nE8jaemBXv6v0oTx50Ph0zJP+wYwvaDf+KVFzM3E42Ww9VLuP3lt5RAtasNctqlRr\nSlpH3RrZ0Gkpmz6xGr2LvLw12nkTylws/bafCSFAs7+x2ip6pP3yEaYxKdMpeOIE\nWaVU1RsJiWVYgq+b6gc9wrRpfZLyJYdAa50DuEv8jm0CAwEAATALBgkqhkiG9w0B\nAQsDggEBAFbv9+6pQBXDiFOxoYmu1/xiI1/mSGqooJtzNZjoni6HsruGxSqRbbKa\n3GdaPVInZwWY7p8T1RM8+YDTrRrjbfRuRPqdgUBv8iDbcldJNXsqD1CylxLi0lul\ndnHgQD9TmcrTs3ELeT277PE2f8AX3YjhYK8IIGBmDomc1KRTka3nZtexIwfiEQJr\nRzsFL+1vwPoSJFKb1NzeOGikkPNmipQvYKGY9A/q2XeqrEWKGHizPwvcIu7EC8wL\nRooQ3ztqAV3Wul5dI5+AEE8WQzUyzCq7BEgOgNaX403g8An5QueSjhogbYdRd3BM\n+OWJc8qePy3KgqY44s3kbrPR6sJuAIQ=\n-----END CERTIFICATE-----"
}

Deployment Members

Member Type Required Description
certificate String The certificate text.
networkConfiguration Deployment.networkConfiguration Information about how you want to deploy your certificate.
signatureAlgorithm Enumeration, Null The SHA (Secure Hash Algorithm) function. NSA designed this function to produce a hash of certificate contents, which is used in a digital signature. Specify either SHA-1 or SHA-256. SHA–256 is best.
trustChain String The trust chain text. You may have any number of trust chains.

Deployment.networkConfiguration  

Information about how you want to deploy your certificate.

Member Type Required Description
disallowedTlsVersions Array, Null Specify the TLS protocol version you want to use. If you specify Use Defaults, CPS uses the TLS protocols that Akamai currently supports as a best practice. If you specify Enable all TLS protocol versions, CPS allows the use of any TLS protocols, including any future TLS protocols. If you specify Disable Specific TLS protocols, you must set the TLS protocols that you do not want to allow. You can set TLS 1.0, TLS 1.1, and TLS 1.2. You must select at least one protocol. If you specify Client TLS Renegotiation, it allows Transport Layer Security (TLS) to renegotiate during a live session. Client TLS Renegotiation allows either side of the TLS/SSL connection to start over and choose again which ciphers to use or whether to generate new session keys or reset any other information. If you specify Disallow, CPS does not allow renegotiation during a live session. It is best to use this default. If you specify Secure, CPS allows renegotiation. We do not recommend selecting this except in rare cases where you configured your site to request or require client certificates. If you specify Warning, CPS allows an insecure style, but writes an entry to the log. If you use f5 load balancers or other equipment that does not support the secure method, you could select this option. Specify Dual Stack RSA+ECDSA to allow the use of multiple certificates on a slot. CPS can then use the best certificate for each client connecting to your site. You must have one RSA certificate per slot. Not all clients can accept ECDSA certificates and CPS automatically downgrades and serves an alternate certificate when required by an individual client. Specify OCSP Stapling if you want to improve performance by allowing the visitors to your site to query the Online Certificate Status Protocol (OCSP) server at regular intervals to obtain a signed time-stamped OCSP response. This response must be signed by the CA, not the server, therefore ensuring security. Disable OSCP Stapling if you want visitors to your site to contact the CA directly for an OSCP response. OCSP allows you to obtain the revocation status of a certificate.
geography Enumeration Set to core to specify worldwide (excludes China and Russia). Set to china+core to specify worldwide and China. Set to russia+core to specify worldwide and Russia. You can only use this setting to include China and Russia if your Akamai contract specifies your ability to do so and you have approval from the Chinese and Russian government.
mustHaveCiphers String, Null Ciphers that you definitely want to include for your enrollment while deploying it on the network. Defaults to ak-akamai-default when it is not set.
preferredCiphers String, Null Ciphers that you preferably want to include for your enrollment while deploying it on the network. Defaults to ak-akamai-default when it is not set.
secureNetwork Enumeration The type of deployment network you want to use. Specify Standard TLS as the enum standard-tls to deploy your certificate to Akamai’s standard secure network. It is not PCI compliant. Specify Enhanced TLS as the enum enhanced-tls to deploy your certificate to Akamai’s more secure network with PCI compliance capability.
sni Deployment.networkConfiguration.sni, Null SNI settings for your enrollment. When set to null, the enrollment becomes non-SNI. When it is non-null, enrollment is SNI-only. This setting cannot be changed once an enrollment is created.

Deployment.networkConfiguration.sni  

SNI settings for your enrollment. When set to null, the enrollment becomes non-SNI. When it is non-null, enrollment is SNI-only. This setting cannot be changed once an enrollment is created.

Member Type Required Description
cloneDnsNames Boolean Enable if you want CPS to direct traffic using all the SANs listed in the the SANs parameter when you created your enrollment.
dnsNames Array, Null Names served by SNI-only enabled enrollments.

DvChallenges

When using certificates with domain validation, you prove that you have control over each of the domains listed in the certificate. When you create a new DV enrollment that generates a certificate signing request (CSR). CPS automatically sends it to Let’s Encrypt for signing. Let’s Encrypt sends back a challenge for each domain listed on your certificate. You prove that you have control over the domains listed in the CSR by redirecting your traffic to Akamai. This allows Akamai to complete the challenge process for you by detecting the redirect and answering Let’s Encrypt’s challenge. You must configure your web server to redirect your traffic to Akamai. If you do not have the ability to redirect traffic on your web server, you must instruct the person who can redirect traffic to do so. Let’s Encrypt automatically verifies the domain after it receives an answer to the challenge, and marks the domain as validated.

Sample v1 object:

{
    "domain": "www.cps-example-dv.com",
    "responseBody": "12345-...-abcdef",
    "fullPath": "http://www.cps-example-dv.com/.well-known/acme-challenge/abcdefghijklmno-KuzBi3q5Dr6TU8ViHSDSf-c9Iyg",
    "token": "123456789012345-abcdabcdabcdabcdabcda-c9Iyg._FwjjylbTSz3wLqz-nosVe2Ix30aB4E_xikrCqpzsBA",
    "status": "READY",
    "error": "",
    "requestTimestamp": "2017-05-19T17:20:00Z",
    "validatedTimestamp": "2017-05-19T17:35:22Z",
    "expires": "2017-05-19T18:00:00Z",
    "redirectFullPath": "http://dcv.akamai.com/.well-known/acme-challenge/abcdefghijklmno-KuzBi3q5Dr6TU8ViHSDSf-c9Iyg"
}

DvChallenges Members

Member Type Required Description
challenges DvChallenges.challenges[n] Domains that need to be validated for this Enrollment.

DvChallenges.challenges[n]  

Domains that need to be validated for this Enrollment.

Member Type Required Description
domain String, Null Domain which is being validated.
error String, Null Current validation status for domains not yet validated.
expires String, Null Timestamp when this token or validation will expire. Sample 2014–08–12T18:57:07z.
fullPath String, Null URL where Let’s Encrypt will request and expect to find ‘token’ as content.
redirectFullPath String, Null URL where Akamai will publish responseBody for Let’s Encrypt to validate. Client can configure a redirect at fullPath to redirect requests to this redirectFullPath URL, keeping in mind that token may change over time.
requestTimestamp String, Null Timestamp Akamai received validation token from Let’s Encrypt. Sample 2014-08-12T18:57:07z.
responseBody String, Null Data Let’s Encrypt expect to find served at fullPath URL.
status String, Null Domain validation status.
token String, Null Validation token issued by Let’s Encrypt.
validatedTimestamp String, Null Timestamp when domain was successfully validated. Sample 2014–08–12T18:57:07z.

Enrollment

An enrollment displays all the information about the process that your certificate goes through from the time you request it, through renewal, and as you obtain subsequent versions. CPS is a certificate life cycle management tool. Once you obtain a certificate, you use it until it expires, in most cases a year from the date the CA issued the certificate. CPS automatically starts the renewal process 90 days before the old certificate expires. It then automatically deploys the renewed certificate when it receives it from the CA.

Sample v4 object:

{
    "location": "/cps/v2/enrollments/10002",
    "ra": "third-party",
    "validationType": "third-party",
    "certificateType": "third-party",
    "certificateChainType": "default",
    "networkConfiguration": {
        "geography": "core",
        "secureNetwork": "enhanced-tls",
        "mustHaveCiphers": "ak-akamai-default2016q3",
        "preferredCiphers": "ak-akamai-default",
        "disallowedTlsVersions": [],
        "sni": {
            "cloneDnsNames": false,
            "dnsNames": [
                "san2.example.com",
                "san1.example.com"
            ]
        }
    },
    "signatureAlgorithm": null,
    "changeManagement": true,
    "csr": {
        "cn": "www.example.com",
        "c": "US",
        "st": "MA",
        "l": "Cambridge",
        "o": "Akamai",
        "ou": "WebEx",
        "sans": [
            "san1.example.com",
            "san2.example.com",
            "san3.example.com",
            "san4.example.com",
            "www.example.com"
        ]
    },
    "org": {
        "name": "Akamai Technologies",
        "addressLineOne": "150 Broadway",
        "addressLineTwo": null,
        "city": "Cambridge",
        "region": "MA",
        "postalCode": "02142",
        "country": "US",
        "phone": "617-555-0111"
    },
    "adminContact": {
        "firstName": "Darth",
        "lastName": "Vader",
        "phone": "617-555-0123",
        "email": "vader@example.com",
        "addressLineOne": "666 Evil Way",
        "addressLineTwo": null,
        "city": "Cambridge",
        "country": "US",
        "organizationName": "Dark Side",
        "postalCode": "02142",
        "region": "MA",
        "title": "Lord"
    },
    "techContact": {
        "firstName": "R2",
        "lastName": "D2",
        "phone": "617-555-0111",
        "email": "r2d2@akamai.com",
        "addressLineOne": "150 Broadway",
        "addressLineTwo": null,
        "city": "Cambridge",
        "country": "US",
        "organizationName": "Akamai",
        "postalCode": "02142",
        "region": "MA",
        "title": "Astromech Droid"
    },
    "thirdParty": {
        "excludeSans": false
    },
    "enableMultiStackedCertificates": false,
    "pendingChanges": []
}

Enrollment Members

Member Type Required Description
adminContact Enrollment.adminContact Contact information for the certificate administrator that you want to use as a contact at your company.
certificateType Enumeration Either san, single, wildcard, wildcard-san, or third-party. See Enrollment.validationType Values for details.
changeManagement Boolean If you turn change management on for an enrollment, it stops CPS from deploying the certificate to the network until you acknowledge that you are ready to deploy the certificate. You can test the certificate outside of CPS, on the Edge Staging Network (ESN), to make sure it works in your environment and then deploy the certificate. The ESN is a small network of Akamai edge servers built to simulate Akamai’s production network to test most of your site or application functionality with current production version configuration options and functions. For more information on the ESN, see the Edge Staging Network User Guide. You can also contact your account representative with questions or issues with your service on the ESN.
csr Enrollment.csr When you create an enrollment, you also generate a certificate signing request (CSR) using CPS. CPS signs the CSR with the private key. The CSR contains all the information the CA needs to issue your certificate.
location String, Null The URI path to the enrollment. The last segment of the URI path serves as a unique identifier for the enrollment.
networkConfiguration Enrollment.networkConfiguration Settings that specify any network information and TLS Metadata you want CPS to use to push the completed certificate to the network.
org Enrollment.org Your organization information.
pendingChanges Array, Null Returns the Changes currently pending in CPS. The last item in the array is the most recent change.
ra Enumeration The registration authority or certificate authority (CA) you want to use to obtain a certificate. A CA is a trusted entity that signs certificates and can vouch for the identity of a website. Either symantec, lets-encrypt, or third-party.
signatureAlgorithm Enumeration, Null The SHA (Secure Hash Algorithm) function. NSA designed this function to produce a hash of certificate contents, which is used in a digital signature. Specify either SHA-1 or SHA-256. We recommend you use SHA–256.
techContact Enrollment.techContact Contact information for an administrator at Akamai.
thirdParty Enrollment.thirdParty, Null Specifies that you want to use a third party certificate. This is any certificate that is not issued through CPS.
validationType Enumeration There are three types of validation. Domain Validation (DV), which is the lowest level of validation. The CA validates that you have control of the domain. CPS supports DV certificates issued by Let’s Encrypt, a free, automated, and open CA, run for public benefit. Organization Validation (OV), which is the next level of validation. The CA validates that you have control of the domain. Extended Validation (EV), which is the highest level of validation in which you must have signed letters and notaries sent to the CA before signing. You can also specify third party as a type of validation, if you want to use a signed certificate obtained by you from a CA not supported by CPS. Either dv, ev, ov, or third-party.

Enrollment.adminContact  

Contact information for the certificate administrator that you want to use as a contact at your company.

Member Type Required Description
addressLineOne String, Null The address of your organization.
addressLineTwo String, Null The address of your organization.
city String, Null The city where your organization resides.
country String, Null The country where your organization resides.
email String, Null The email address of the administrator who you want to use as a contact at your company.
firstName String, Null The first name of the administrator who you want to use as a contact at your company.
lastName String, Null The last name of the administrator who you want to use as a contact at your company.
organizationName String, Null The name of your organization.
phone String, Null The phone number of your organization.
postalCode String, Null The postal code of your organization.
region String, Null The region of your organization, typically a state or province.
title String, Null The title of the administrator who you want to use as a contact at your company.

Enrollment.csr  

When you create an enrollment, you also generate a certificate signing request (CSR) using CPS. CPS signs the CSR with the private key. The CSR contains all the information the CA needs to issue your certificate.

Member Type Required Description
c String, Null The country code for the country where your organization is located.
cn String The common name (CN) you want to use for the certificate in the Common Name field. The domain name you specify here must be owned or have legal rights to use the domain by the company you enter in the Organization field in this tab. The company that owns the domain name must be a legally incorporated entity and be active and in good standing.
l String, Null Your city in the locality (city).
o String, Null The name of your company or organization. Enter the name as it appears in all legal documents and as it appears in the legal entity filing.
ou String, Null Your organizational unit.
sans Array, Null Additional common names (CN) to create a Subject Alternative Names (SAN) list. String values.
st String, Null Your state or province.

Enrollment.networkConfiguration  

Settings that specify any network information and TLS Metadata you want CPS to use to push the completed certificate to the network.

Member Type Required Description
disallowedTlsVersions Array, Null Specify the TLS protocol version you want to use. If you specify Use Defaults, CPS uses the TLS protocols that Akamai currently supports as a best practice. If you specify Enable all TLS protocol versions, CPS allows the use of any TLS protocols, including any future TLS protocols. If you specify Disable Specific TLS protocols, you must set the TLS protocols that you do not want to allow. You can set TLS 1.0, TLS 1.1, and TLS 1.2. You must select at least one protocol. If you specify Client TLS Renegotiation, it allows Transport Layer Security (TLS) to renegotiate during a live session. Client TLS Renegotiation allows either side of the TLS/SSL connection to start over and choose again which ciphers to use or whether to generate new session keys or reset any other information. If you specify Disallow, CPS does not allow renegotiation during a live session. We recommend using this default. If you specify Secure, CPS allows renegotiation. We do not recommend selecting this except in rare cases where you configured your site to request or require client certificates. If you specify Warning, CPS allows an insecure style, but writes an entry to the log. If you use f5 load balancers or other equipment that does not support the secure method, you could select this option. Specify Dual Stack RSA+ECDSA to allow the use of multiple certificates on a slot. CPS can then use the best certificate for each client connecting to your site. You must have one RSA certificate per slot. Not all clients can accept ECDSA certificates and CPS automatically downgrades and serves an alternate certificate when required by an individual client. Specify OCSP Stapling if you want to improve performance by allowing the visitors to your site to query the Online Certificate Status Protocol (OCSP) server at regular intervals to obtain a signed time-stamped OCSP response. This response must be signed by the CA, not the server, therefore ensuring security. Disable OSCP Stapling if you want visitors to your site to contact the CA directly for an OSCP response. OCSP allows you to obtain the revocation status of a certificate.
geography Enumeration Set to core to specify worldwide (excludes China and Russia). Set to china+core to specify worldwide and China. Set to russia+core to specify worldwide and Russia. You can only use this setting to include China and Russia if your Akamai contract specifies your ability to do so and you have approval from the Chinese and Russian government.
mustHaveCiphers String, Null Ciphers that you definitely want to include for your enrollment while deploying it on the network. Defaults to ak-akamai-default when it is not set.
preferredCiphers String, Null Ciphers that you preferably want to include for your enrollment while deploying it on the network. Defaults to ak-akamai-default when it is not set.
secureNetwork String Set the type of deployment network you want to use. Set Standard TLS to deploy your certificate to Akamai’s standard secure network. It is not PCI compliant. Set Enhanced TLS to deploy your certificate to Akamai’s more secure network with PCI compliance capability.
sni Enrollment.networkConfiguration.sni, Null SNI settings for your enrollment. When set to null, the enrollment becomes non-SNI. When it is non-null, enrollment is SNI-ONLY. This setting cannot be changed once an enrollment is created.

Enrollment.networkConfiguration.sni  

SNI settings for your enrollment. When set to null, the enrollment becomes non-SNI. When it is non-null, enrollment is SNI-ONLY. This setting cannot be changed once an enrollment is created.

Member Type Required Description
cloneDnsNames Boolean Enable if you want CPS to direct traffic using all the SANs listed in the the SANs parameter when you created your enrollment.
dnsNames Array, Null Names served by SNI-only enabled enrollments.

Enrollment.org  

Your organization information.

Member Type Required Description
addressLineOne String, Null The address of your organization.
addressLineTwo String, Null The address of your organization.
city String, Null The city where your organization resides.
country String, Null The country where your organization resides.
name String, Null The name of your organization.
phone String, Null The phone number of the administrator who you want to use as a contact at your company.
postalCode String, Null The postal code of your organization.
region String, Null The region where your organization resides.

Enrollment.techContact  

Contact information for an administrator at Akamai.

Member Type Required Description
addressLineOne String, Null The address for an administrator at Akamai.
addressLineTwo String, Null The address for an administrator at Akamai.
city String, Null The city for an administrator at Akamai.
country String, Null The country for an administrator at Akamai.
email String, Null The email address of the administrator who you want to use as a contact at your company.
firstName String, Null The first name of the technical contact who you want to use within Akamai. This is the person you work closest with at Akamai who can verify the certificate request. This is the person the CA calls if there are any issues with the certificate and they cannot reach the administrator.
lastName String, Null The last name of the technical contact who you want to use within Akamai.
organizationName String, Null The name of your organization in Akamai where your technical contact works.
phone String, Null The phone number of the technical contact who you want to use within Akamai.
postalCode String, Null The postal code for an administrator at Akamai.
region String, Null The region for an administrator at Akamai.
title String, Null The title for an administrator at Akamai.

Enrollment.thirdParty  

Specifies that you want to use a third party certificate. This is any certificate that is not issued through CPS.

Member Type Required Description
excludeSans Boolean If this is true, then the SANs in the enrollment do not appear in the CSR that CPS submits to the CA.

Warnings

Warnings generated by CPS.

Sample v1 object:

{
    "warnings": "Some of the domains being provisioned (%s) exist on another certificate. Akamai recommends against overlapping names on Enhanced TLS and Standard TLS certificates except during digital property migrations. Enhanced TLS traffic could be misdirected in the event of DNS misconfiguration and treated as Standard TLS until the overlap is eliminated."
}

Warnings Members

Member Type Required Description
warnings String, Null String with comma separated list of warnings.

Last modified: 10/26/2017