Akamai Certificates Management Guide

This article walks you through the types of certificates used in Akamai, how to identify them, and how to renew or repair them as needed. Proper certificate handling is crucial to maintaining secure, uninterrupted service delivery.


🔍 Step 1: Identify the Certificate

  1. Log in to the Akamai Control Center.

  2. Switch to the relevant customer account.

  3. Navigate to CPS (Certificate Provisioning System).

  4. Go to the “In Progress” tab to view certificates nearing expiration.

In the Certificate Type column, you will find one of the following types:


🔐 DVSAN Certificates

DVSAN certificates are issued by Let's Encrypt. These are Domain Validation certificates and are usually auto-renewed by Akamai as long as the domain's CNAME record points to Akamai.

Manual Repair Steps

If renewal fails, follow these steps:

  1. Click the To-Do button in CPS.

  2. Select "Validate Control Over Domain(s)".

  3. You'll see which domains are already validated and which require action.

Manual Validation Methods

There are three supported methods to manually validate your domain:

  • URL Redirect

    • Add a 301 or 302 redirect pointing to the validation token URL.

    • Akamai will detect the redirect and request validation from Let’s Encrypt.

  • HTTP Token

    • Upload a token file to a specific path on your site.

    • Akamai will detect the file and initiate validation.

  • DNS Token

    • Add a TXT record to your domain’s DNS.

    • This method is safe and non-intrusive; it won’t impact your live website.


🔒 OVSAN Certificates

Details for fixing OVSAN certificates should be added here—include validation methods, contact requirements, or renewal instructions specific to Organization Validated certificates.


🌐 OVWildcard Certificates

Provide renewal or validation steps for Wildcard Organization Validated certificates—these typically involve more stringent identity and domain validation processes.


🔗 Third-Party Certificates

For certificates not issued via Akamai (e.g., DigiCert, Sectigo, etc.):

  • You must manually upload a renewed certificate, private key, and CA bundle.

  • Update the certificate using the CPS interface.

  • Validate the certificate chain to avoid trust errors.


📝 Final Recommendations

  • Always monitor the certificate expiration dates in CPS.

  • Ensure email aliases (like admin@yourdomain.com) are monitored for domain validation requests.

  • Automate reminders or integrate with your monitoring tools for proactive management.
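
One way to automate the expiration monitoring recommended above is the added example below, which is not Akamai tooling or code from this guide. It reads the certificate each hostname actually serves, computes the days remaining, and uses the issuer to suggest the next step, relying on this article's statement that DVSAN certificates are issued by Let's Encrypt. The 30-day threshold, the function names, and the action strings are assumptions.

```python
import socket
import ssl
import sys
import time

WARN_DAYS = 30  # assumed alert threshold; tune to your renewal lead time


def fetch_peer_cert(host, port=443, timeout=5.0):
    """Return the validated leaf certificate served for host (live network call)."""
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()


def issuer_org(cert):
    """Extract organizationName from the nested issuer tuples of getpeercert()."""
    for rdn in cert.get("issuer", ()):
        for key, value in rdn:
            if key == "organizationName":
                return value
    return ""


def triage(host, cert, now=None, warn_days=WARN_DAYS):
    """Classify one certificate by days remaining and by issuer."""
    now = time.time() if now is None else now
    days_left = int((ssl.cert_time_to_seconds(cert["notAfter"]) - now) // 86400)
    status = "EXPIRED" if days_left < 0 else "RENEW" if days_left <= warn_days else "OK"
    if status == "OK":
        action = "none"
    elif issuer_org(cert) == "Let's Encrypt":
        # Assumption from the article: a Let's Encrypt issuer means a DVSAN certificate.
        action = "Let's Encrypt (DVSAN): check the CPS To-Do for pending domain validation"
    else:
        action = "not Let's Encrypt: check the certificate type in CPS and renew it there"
    return {"host": host, "days_left": days_left, "status": status, "action": action}


if __name__ == "__main__":
    for name in sys.argv[1:]:
        try:
            print(triage(name, fetch_peer_cert(name)))
        except (ssl.SSLError, OSError) as exc:
            # An already-expired or untrusted chain fails the handshake before triage runs.
            print({"host": name, "status": "TLS_ERROR", "action": str(exc)})
```

Run it with the hostnames to check as arguments and feed the resulting dictionaries to your alerting tool; a TLS_ERROR result means the served chain did not validate at all and should be treated as urgent.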