Skip to content

Configure Akamai connection

The following guide illustrates connecting CyberArk Certificate Manager - SaaS with Akamai.

Enable Certificate Manager - SaaS to discover existing Akamai enrollments and issue and provision certificates to Akamai.

Prerequisites

You're going to need the following to complete this procedure:

  • An Akamai account.
  • At least one Akamai contract.
  • Akamai API client authentication credentials:
    • Host
    • Access Token
    • Client Token
    • Client Secret
  • At least one active VSatellite to provision certificates to Akamai.

For the Akamai integration, you must create Akamai API client authentication credentials.

When creating the API client in Akamai:

  • Select the API service Certificate Provisioning System.
  • Set the access level to READ-WRITE.
  • Generate the authentication credentials (Host, Access Token, Client Token, and Client Secret).

For more information about creating API client credentials in Akamai, see the Akamai documentation

Note

  • Certificates are issued and provisioned only through a discovered Akamai enrollment.
  • You cannot provision certificates directly from your Certificate Manager - SaaS inventory.
  • When you select Enroll (Issue and provision), Akamai generates the key and certificate signing request (CSR). Certificate Manager - SaaS submits the CSR to the selected certificate authority (CA) and installs the issued certificate on the Akamai enrollment.

Step 1: Create a Cloud Provider

  1. Sign in to Certificate Manager - SaaS.
  2. Click Integrations > Cloud Providers.
  3. Click New.
  4. Enter a Name for the new cloud provider. This name will help CyberArk Certificate Manager - SaaS users to identify this cloud provider.
  5. Select an Owning Team. If you need to create a new team see, create a new team.

  6. Click Continue.

    Note

    • Owning Team - The Owning Team is responsible for the administration, management, and control of a designated cloud provider, with the authority to update, modify, and delete cloud provider resources.
    • Authorized Team - The Authorize Team is granted permission to use specific resources of a cloud provider. Although team members can perform tasks like creating a keystore, their permissions may be limited regarding broader modifications to the provider's configuration. Unlike the Owning Team, users may not have the authority to update and delete Cloud Providers.

  7. Configure access information using your Akamai API client authentication credentials.

    1. Enter any Contracts associated with your Akamai account.
    2. Enter the Host value from your Akamai API client.
    3. Enter the Access Token.
    4. Enter the Client Token.
    5. Enter the Client Secret.
    6. Click Save.

Step 2: Validate the connection

In this step we will validate the connection between Certificate Manager - SaaS and Akamai.

  1. Click Integrations > Cloud Providers.

  2. Find and select the new cloud provider created in Step 1, then click Validate.

    Note

    You may also validate the connection by selecting the new cloud provider, then click the more options ellipsis button to the right and select Validate.

    Note

    You will notice a yellow icon warning-indicator next to your cloud provider that indicates it has yet to be validated. This will go away once you validate and have a successful connection.

If you still have the yellow icon warning-indicator next to your cloud provider, this means you were not able to successfully validate your connection. Go back and check your settings in the above steps.

Step 3: Add a Cloud Keystore

  1. Sign in to Certificate Manager - SaaS.
  2. Click Installations > Cloud Keystores.
  3. Click New and select Akamai CDN.
  4. Enter a Name for the new cloud keystore.
  5. Select an Owning Team. If you need to create a new team, see [create a new team][new-team].

  6. Select an Authorized Team.

    Note

    • Owning Team - The Owning Team is responsible for the administration, management, and control of a designated cloud provider, with the authority to update, modify, and delete cloud provider resources.
    • Authorized Team - The Authorize Team is granted permission to use specific resources of a cloud provider. Although team members can perform tasks like creating a keystore, their permissions may be limited regarding broader modifications to the provider's configuration. Unlike the Owning Team, users may not have the authority to update and delete Cloud Providers.

  7. Select an Akamai Cloud Provider. Only validated providers are listed.

  8. Select a Contract ID
  9. (Optional) Select the toggle toggle switches to enable Start discovery immediately and Include expired certificates.
  10. Click Save.

Step 4: Discover a certificate

  1. Click the more options button next to the cloud keystore you created, and then select Discover now.

    Tip

    You can also delete certificates from this menu.

  2. After the keystore is created, enable certificate discovery:

  3. Turn on toggle Start discovery immediately.

  4. (Optional) Turn on Include expired certificates.

  5. Under Repeat, select Daily, Weekly, or Advanced, and then select the time.

  6. Click Save.

Step 5: Issue and provision a certificate for a discovered Akamai enrollment

Issuing and provisioning requirements

Before you issue and provision a certificate, complete the following:

  1. Configure an issuing template with an Akamai Key Generation System (KGS). For instructions, see Create a certificate issuing template.
  2. Add an application configured with an Akamai issuing template. For instructions, see Create an application in Certificate Manager - SaaS.
  3. Assign an Akamai application to the discovered certificate. For instructions, see Assign or reassign a certificate to an application.
  1. Sign in to Certificate Manager - SaaS.

  2. Click Installations > Cloud Keystores.

  3. Select the Cloud Keystore. The details pane appears on the right.

  4. In the Akamai Certificate List, click the more options button next to the certificate, and then select Enroll (Issue and provision).
  5. Select an Application and an Issuing Template.

  6. Click Issue and provision.

    Note

    After the process completes, Akamai generates a key and certificate signing request (CSR), submits the CSR to the selected certificate authority (CA), and installs the issued certificate in the Akamai Certificate Provisioning System (CPS).

You have now connected Certificate Manager - SaaS to Akamai and issued and provisioned a certificate.