UPDATE, October 2018: the CLI for CPS now supports third-party certificate management. For more details, scroll down to the "Update" section at the bottom of this page.
The Akamai Certificate Provisioning System (CPS) provides full life cycle management of SSL certificates on the Akamai platform. From requesting new certificates to modifying or renewing existing ones to managing TLS ciphers and other extra settings, CPS is a vital component for setting up secure traffic through Akamai. While the Akamai Luna Control Center portal and existing CPS APIs have been the traditional way of managing SSL certificates, we are now pleased to announce Akamai CLI for CPS as another option to fit into your workflow.
Like other CLI packages, it’s available through a simple $ akamai install cps once you have Akamai CLI installed. If you don’t yet have Akamai CLI installed, first follow the installation instructions here (available for macOS, Linux, and Windows).
After installation, ensure the API credentials have the CPS and Contracts API grant/permissions (the Contracts API grant makes it seamless so you don’t need to remember every contract ID). Run the one-time setup command you’re ready to roll:
$ akamai cps setup
From there, you have a variety of commands which can you help you retrieve current enrollments, current deployed certs on both production and staging, change status, and audit capabilities. You’ll also have the ability to create or modify enrollments using the raw JSON format or YAML (see sample template YAML files for the relevant fields you can fill in).
The available CLI commands are below (see the Github repository for full details):
list – See a list of all current enrollments you have access to
retrieve-enrollment – Retrieve full enrollment details in either JSON or YAML format to audit or modify as needed
retrieve-deployed – Retrieve leaf/chain bundles or other deployment information from the production or staging network
audit – Generate a full audit report in either xlsx, csv, or JSON format
status – See details of pending changes (NOTE: change-status details are only there for Let’s Encrypt DV SAN with DNS or HTTP tokens. Stay tuned for third-party and other certificate type change workflows coming soon.)
create – Create a new enrollment from either a JSON or YAML file
update – Update an enrollment from either a JSON or YAML file
cancel – Cancel an existing enrollment if not already deployed on the Akamai platform
Please try out the new Akamai CLI for CPS and let us know what you think by adding your comments in Github. As always, we welcome your feedback!
As of October 2018, version 1.0.0 of the Akamai CLI for CPS now supports third-party certificate management and all other certificate types as well.
In addition to various bug fixes in this version, other highlights include:
- Support for third-party certificates (i.e. creation, CSR retrieval, upload, etc.)
- Acknowledgement of change management (test on staging)
- Acknowledgement of pre/post verification warnings
- Status details for all certificate types
- Audit now defaults to CSV format (json and xslx formats are also still available)
Get v1.0.0 of the Akamai CLI for CPS in Github.
Vreddhi Bhat is a senior solutions architect at Akamai Technologies.