{ "openapi": "3.0.0", "externalDocs": { "description": "See documentation for Akamai's Certificate Provisioning System API", "url": "https://techdocs.akamai.com/cps/reference" }, "info": { "title": "Akamai: Certificate Provisioning System API", "version": "2", "license": { "name": "Apache 2.0", "url": "https://www.apache.org/licenses/LICENSE-2.0.html" } }, "paths": { "/enrollments": { "post": { "description": "Creates an enrollment that contains all the information about the process that your certificate goes through from the time you request it, through renewal, and as you obtain subsequent versions.", "operationId": "post-enrollment", "summary": "Create an enrollment", "tags": [ "Enrollments" ], "externalDocs": { "description": "See documentation for this operation in Akamai's Certificate Provisioning System API", "url": "https://techdocs.akamai.com/cps/reference/post-enrollment" }, "requestBody": { "required": true, "content": { "application/vnd.akamai.cps.enrollment.v11+json": { "example": { "autoRenewalStartTime": null, "certificateChainType": "default", "certificateType": "third-party", "changeManagement": true, "enableMultiStackedCertificates": false, "id": "10001", "location": "/cps-api/enrollments/10001", "maxAllowedSanNames": 100, "maxAllowedWildcardSanNames": 100, "orgId": "645263546", "ra": "third-party", "signatureAlgorithm": null, "validationType": "third-party", "assignedSlots": [ 1234 ], "productionSlots": [ 1234 ], "stagingSlots": [ 1234 ], "adminContact": { "addressLineOne": "150 Broadway", "addressLineTwo": null, "city": "Cambridge", "country": "US", "email": "email@example.com", "firstName": "R1", "lastName": "D1", "organizationName": "Akamai", "phone": "617-555-0111", "postalCode": "02142", "region": "MA", "title": "Adminstrator" }, "csr": { "c": "US", "cn": "www.example.com", "l": "Cambridge", "o": "Akamai", "ou": "WebEx", "preferredTrustChain": "dst-root-ca-x3", "st": "MA", "sans": [ "san1.example.com", "san2.example.com", "san3.example.com", "www.example.com" ] }, "networkConfiguration": { "geography": "core", "mustHaveCiphers": "ak-akamai-2020q1", "ocspStapling": "on", "preferredCiphers": "ak-akamai-2020q1", "quicEnabled": false, "secureNetwork": "enhanced-tls", "sniOnly": true, "disallowedTlsVersions": [ "TLSv1", "TLSv1_1" ], "clientMutualAuthentication": { "setId": "Custom_CPS-6134b_B-3-1AHBENT.xml", "authenticationOptions": { "sendCaListToClient": false, "ocsp": { "enabled": false } } }, "dnsNameSettings": { "cloneDnsNames": false, "dnsNames": [ "san2.example.com", "san1.example.com" ] } }, "org": { "addressLineOne": "150 Broadway", "addressLineTwo": null, "city": "Cambridge", "country": "US", "name": "Akamai Technologies", "phone": "617-555-0111", "postalCode": "02142", "region": "MA" }, "techContact": { "addressLineOne": "150 Broadway", "addressLineTwo": null, "city": "Cambridge", "country": "US", "email": "email@example.com", "firstName": "R2", "lastName": "D2", "organizationName": "Akamai", "phone": "617-555-0111", "postalCode": "02142", "region": "MA", "title": "Technical Engineer" }, "thirdParty": { "excludeSans": false }, "pendingChanges": [ { "changeType": "new-certificate", "location": "/cps-api/enrollments/10001/changes/10002" } ] }, "schema": { "additionalProperties": false, "description": "An enrollment displays all the information about the process that your certificate goes through from the time you request it, through renewal, and as you obtain subsequent versions. CPS is a certificate life cycle management tool. Once you obtain a certificate, you use it until it expires, in most cases a year from the date the CA issued the certificate. CPS automatically starts the renewal process 90 days before the old certificate expires. It then automatically deploys the renewed certificate when it receives it from the CA.", "type": "object", "required": [ "certificateType", "changeManagement", "csr", "enableMultiStackedCertificates", "networkConfiguration", "ra", "validationType" ], "properties": { "adminContact": { "additionalProperties": false, "description": "Contact information for the certificate administrator that you want to use as a contact at your company.", "nullable": true, "type": "object", "properties": { "addressLineOne": { "description": "The address of your organization.", "nullable": true, "type": "string" }, "addressLineTwo": { "description": "The address of your organization.", "nullable": true, "type": "string" }, "city": { "description": "The city where your organization resides.", "nullable": true, "type": "string" }, "country": { "description": "The country where your organization resides.", "nullable": true, "type": "string" }, "email": { "description": "The email address of the administrator who you want to use as a contact at your company.", "nullable": true, "type": "string" }, "firstName": { "description": "The first name of the administrator who you want to use as a contact at your company.", "nullable": true, "type": "string" }, "lastName": { "description": "The last name of the administrator who you want to use as a contact at your company.", "nullable": true, "type": "string" }, "organizationName": { "description": "The name of your organization.", "nullable": true, "type": "string" }, "phone": { "description": "The phone number of your organization.", "nullable": true, "type": "string" }, "postalCode": { "description": "The postal code of your organization.", "nullable": true, "type": "string" }, "region": { "description": "The region of your organization, typically a state or province.", "nullable": true, "type": "string" }, "title": { "description": "The title of the administrator who you want to use as a contact at your company.", "nullable": true, "type": "string" } } }, "assignedSlots": { "description": "Slots where the certificate either will be deployed or is already deployed.", "nullable": true, "type": "array", "items": { "type": "integer" } }, "autoRenewalStartTime": { "description": "The specific date on which the renewal automatically starts for the enrollment.", "nullable": true, "type": "string" }, "certificateChainType": { "description": "Certificate trust chain type.", "nullable": true, "type": "string", "enum": [ "default", "symantec1kroot" ] }, "certificateType": { "description": "Either `san`, `single`, `wildcard`, `wildcard-san`, or `third-party`. See [Enrollment.validationType Values](#validationtype) for details.", "type": "string", "enum": [ "san", "single", "wildcard", "wildcard-san", "third-party" ] }, "changeManagement": { "description": "If you turn change management on for an enrollment, it stops CPS from deploying the certificate to the network until you acknowledge that you are ready to deploy the certificate. You can test the certificate outside of CPS, on the Edge Staging Network (ESN), to make sure it works in your environment and then deploy the certificate. The ESN is a small network of Akamai edge servers built to simulate Akamai's production network to test most of your site or application functionality with current production version configuration options and functions. For more information on the ESN, see the [Edge Staging Network User Guide](https://control.akamai.com/dl/customers/other/EDGESERV/ESN-User-Guide.pdf). You can also contact your account representative with questions or issues with your service on the ESN.", "type": "boolean" }, "csr": { "additionalProperties": false, "description": "When you create an enrollment, you also generate a certificate signing request (CSR) using CPS. CPS signs the CSR with the private key. The CSR contains all the information the CA needs to issue your certificate.", "type": "object", "required": [ "cn" ], "properties": { "c": { "description": "The country code for the country where your organization is located.", "nullable": true, "type": "string" }, "cn": { "description": "The common name (CN) you want to use for the certificate in the Common Name field. The domain name you specify here must be owned or have legal rights to use the domain by the company you enter in the Organization field in this tab. The company that owns the domain name must be a legally incorporated entity and be active and in good standing.", "type": "string" }, "l": { "description": "Your city in the locality (city).", "nullable": true, "type": "string" }, "o": { "description": "The name of your company or organization. Enter the name as it appears in all legal documents and as it appears in the legal entity filing.", "nullable": true, "type": "string" }, "ou": { "description": "Your organizational unit.", "nullable": true, "type": "string" }, "preferredTrustChain": { "description": "For the Let's Encrypt Domain Validated (DV) SAN certificates, the customer may select one of the trust chain options supported by Let's Encrypt, or not fill out this field. The preferred trust chain will be included by CPS with the leaf certificate in the TLS handshake. If the field does not have a value, whichever trust chain Akamai chooses will be used by default.", "nullable": true, "type": "string" }, "sans": { "description": "Additional common names (CN) to create a Subject Alternative Names (SAN) list.", "nullable": true, "type": "array", "items": { "type": "string" } }, "st": { "description": "Your state or province.", "nullable": true, "type": "string" } } }, "enableMultiStackedCertificates": { "description": "Enable Dual-Stacked certificate deployment for this enrollment.", "type": "boolean" }, "id": { "description": "The unique identifier of the enrollment.", "nullable": true, "type": "string" }, "location": { "description": "The URI path to the enrollment. The last segment of the URI path serves as a unique identifier for the enrollment.", "nullable": true, "type": "string" }, "maxAllowedSanNames": { "description": "Maximum number of SAN names supported for this enrollment type.", "nullable": true, "type": "integer" }, "maxAllowedWildcardSanNames": { "description": "Maximum number of Wildcard SAN names supported for this enrollment type.", "nullable": true, "type": "integer" }, "networkConfiguration": { "additionalProperties": false, "description": "Settings that specify any network information and TLS Metadata you want CPS to use to push the completed certificate to the network.", "type": "object", "required": [ "geography", "quicEnabled", "secureNetwork", "sniOnly" ], "properties": { "clientMutualAuthentication": { "additionalProperties": false, "description": "The configuration for client mutual authentication. Specifies the trust chain that is used to verify client certificates and some configuration options.", "nullable": true, "type": "object", "properties": { "authenticationOptions": { "additionalProperties": false, "description": "Contains the configuration options for the selected trust chain.", "nullable": true, "type": "object", "properties": { "ocsp": { "additionalProperties": false, "description": "Whether you want to enable OCSP stapling for client certificates.", "nullable": true, "type": "object", "properties": { "enabled": { "description": "Whether the OCSP stapling is enabled.", "nullable": true, "type": "boolean" } } }, "sendCaListToClient": { "description": "Whether you want to enable the server to send the certificate authority (CA) list to the client.", "nullable": true, "type": "boolean" } } }, "setId": { "description": "The identifier of the set of trust chains, created in the Trust Chain Manager.", "nullable": true, "type": "string" } } }, "disallowedTlsVersions": { "description": "Specify the TLS protocol versions you want to disallow.", "nullable": true, "type": "array", "items": { "type": "string" } }, "dnsNameSettings": { "additionalProperties": false, "description": "DNS name settings.", "nullable": true, "type": "object", "required": [ "cloneDnsNames" ], "properties": { "cloneDnsNames": { "description": "Enable if you want CPS to direct traffic using all the SANs listed in the SANs parameter when you created your enrollment.", "type": "boolean" }, "dnsNames": { "description": "Names served by SNI-only enabled enrollments.", "nullable": true, "type": "array", "items": { "type": "string" } } } }, "geography": { "description": "Use `core` to specify worldwide (includes China and Russia), `china+core` to specify worldwide and China, and 'russia+core` to specify worldwide and Russia. You can only use this setting to include China and Russia if your Akamai contract specifies your ability to do so and you have approval from the Chinese and Russian government.", "type": "string", "enum": [ "core", "china+core", "russia+core" ] }, "mustHaveCiphers": { "description": "Ciphers that you definitely want to include for your enrollment while deploying it on the network. Defaults to `ak-akamai-default` when it is not set.", "nullable": true, "type": "string" }, "ocspStapling": { "description": "Enable OCSP stapling for the enrollment. OCSP Stapling improves performance by including a valid OCSP response in every TLS handshake. Specify OCSP Stapling if you want to improve performance by allowing the visitors to your site to query the Online Certificate Status Protocol (OCSP) server at regular intervals to obtain a signed time-stamped OCSP response. This response must be signed by the CA, not the server, therefore ensuring security. Disable OSCP Stapling if you want visitors to your site to contact the CA directly for an OSCP response. OCSP allows you to obtain the revocation status of a certificate. We recommend all customers enable this feature. Use `on`, `off` or `not-set`.", "nullable": true, "type": "string", "enum": [ "on", "off", "not-set" ] }, "preferredCiphers": { "description": "Ciphers that you preferably want to include for your enrollment while deploying it on the network. Defaults to `ak-akamai-default` when it is not set.", "nullable": true, "type": "string" }, "quicEnabled": { "description": "Set to true to enable QUIC protocol.", "type": "boolean" }, "secureNetwork": { "description": "Set the type of deployment network you want to use. Set Standard TLS to deploy your certificate to Akamai's standard secure network. It is not PCI compliant. Set Enhanced TLS to deploy your certificate to Akamai's more secure network with PCI compliance capability.", "type": "string", "enum": [ "enhanced-tls", "standard-tls" ] }, "sniOnly": { "description": "SNI settings for your enrollment. Set to `true` to enable SNI-only for the enrollment. This setting cannot be changed once an enrollment is created.", "type": "boolean" } } }, "org": { "additionalProperties": false, "description": "Your organization information.", "nullable": true, "type": "object", "properties": { "addressLineOne": { "description": "The address of your organization.", "nullable": true, "type": "string" }, "addressLineTwo": { "description": "The address of your organization.", "nullable": true, "type": "string" }, "city": { "description": "The city where your organization resides.", "nullable": true, "type": "string" }, "country": { "description": "The country where your organization resides.", "nullable": true, "type": "string" }, "name": { "description": "The name of your organization.", "nullable": true, "type": "string" }, "phone": { "description": "The phone number of the administrator who you want to use as a contact at your company.", "nullable": true, "type": "string" }, "postalCode": { "description": "The postal code of your organization.", "nullable": true, "type": "string" }, "region": { "description": "The region where your organization resides.", "nullable": true, "type": "string" } } }, "orgId": { "description": "The Digicert unique identifier for the organization. If an orgId value is provided in a PUT or POST request, it is recommended to leave the org, techContact, and adminContact fields null.", "nullable": true, "type": "integer" }, "pendingChanges": { "description": "Returns the Changes currently pending in CPS. The last item in the array is the most recent change.", "nullable": true, "type": "array", "items": { "additionalProperties": false, "type": "object", "required": [ "location" ], "properties": { "changeType": { "description": "Pending change action.", "nullable": true, "type": "string", "enum": [ "new-certificate", "modify-certificate", "modify-san", "renewal" ] }, "location": { "description": "Location to fetch related change information.", "type": "string" } } } }, "productionSlots": { "description": "Slots where the certificate is deployed on the production network.", "nullable": true, "type": "array", "items": { "type": "integer" } }, "ra": { "description": "The registration authority or certificate authority (CA) you want to use to obtain a certificate. A CA is a trusted entity that signs certificates and can vouch for the identity of a website. Either `symantec`, `lets-encrypt`, or `third-party`.", "type": "string", "enum": [ "symantec", "lets-encrypt", "third-party" ] }, "signatureAlgorithm": { "description": "The SHA (Secure Hash Algorithm) function. NSA designed this function to produce a hash of certificate contents, which is used in a digital signature. Specify either `SHA-1` or `SHA-256`. We recommend you use SHA-256.", "nullable": true, "type": "string", "enum": [ "SHA-1", "SHA-256" ] }, "stagingSlots": { "description": "Slots where the certificate is deployed on the staging network.", "nullable": true, "type": "array", "items": { "type": "integer" } }, "techContact": { "additionalProperties": false, "description": "Contact information for an administrator at Akamai.", "nullable": true, "type": "object", "properties": { "addressLineOne": { "description": "The address for an administrator at Akamai.", "nullable": true, "type": "string" }, "addressLineTwo": { "description": "The address for an administrator at Akamai.", "nullable": true, "type": "string" }, "city": { "description": "The city for an administrator at Akamai.", "nullable": true, "type": "string" }, "country": { "description": "The country for an administrator at Akamai.", "nullable": true, "type": "string" }, "email": { "description": "The email address of the administrator who you want to use as a contact at your company.", "nullable": true, "type": "string" }, "firstName": { "description": "The first name of the technical contact who you want to use within Akamai. This is the person you work closest with at Akamai who can verify the certificate request. This is the person the CA calls if there are any issues with the certificate and they cannot reach the administrator.", "nullable": true, "type": "string" }, "lastName": { "description": "The last name of the technical contact who you want to use within Akamai.", "nullable": true, "type": "string" }, "organizationName": { "description": "The name of your organization in Akamai where your technical contact works.", "nullable": true, "type": "string" }, "phone": { "description": "The phone number of the technical contact who you want to use within Akamai.", "nullable": true, "type": "string" }, "postalCode": { "description": "The postal code for an administrator at Akamai.", "nullable": true, "type": "string" }, "region": { "description": "The region for an administrator at Akamai.", "nullable": true, "type": "string" }, "title": { "description": "The title for an administrator at Akamai.", "nullable": true, "type": "string" } } }, "thirdParty": { "additionalProperties": false, "description": "Specifies that you want to use a third party certificate. This is any certificate that is not issued through CPS.", "nullable": true, "type": "object", "required": [ "excludeSans" ], "properties": { "excludeSans": { "description": "If this is true, then the SANs in the enrollment do not appear in the CSR that CPS submits to the CA.", "type": "boolean" } } }, "validationType": { "description": "There are three types of validation. Domain Validation (DV), which is the lowest level of validation. The CA validates that you have control of the domain. CPS supports DV certificates issued by Let's Encrypt, a free, automated, and open CA, run for public benefit. Organization Validation (OV), which is the next level of validation. The CA validates that you have control of the domain. Extended Validation (EV), which is the highest level of validation in which you must have signed letters and notaries sent to the CA before signing. You can also specify third party as a type of validation, if you want to use a signed certificate obtained by you from a CA not supported by CPS. Either `dv`, `ev`, `ov`, or `third-party`.", "type": "string", "enum": [ "dv", "ev", "ov", "third-party" ] } }, "x-akamai": { "file-path": "schemas/enrollment.v11.yaml" } } } } }, "responses": { "202": { "description": "Successful response.", "content": { "application/vnd.akamai.cps.enrollment-status.v1+json": { "example": { "enrollment": "/cps/v2/enrollments/10002", "changes": [ "/cps/v2/enrollments/10002/changes/10002" ] }, "schema": { "additionalProperties": false, "type": "object", "required": [ "changes", "enrollment" ], "properties": { "changes": { "type": "array", "items": { "type": "string" } }, "enrollment": { "type": "string" } }, "x-akamai": { "file-path": "schemas/enrollment-status.v1.yaml" } } } } } }, "parameters": [ { "description": "Specify the contract on which to operate or view.", "example": "{{contractId}}", "in": "query", "name": "contractId", "required": true, "schema": { "example": "1-1TJZH5", "type": "string" }, "x-akamai": { "file-path": "parameters/contractId-query.yaml" } }, { "description": "Don't deploy after this date (UTC).", "example": "{{deploy-not-after}}", "in": "query", "name": "deploy-not-after", "schema": { "example": "2021-01-31", "type": "string" }, "x-akamai": { "file-path": "parameters/deploy-not-after-query.yaml" } }, { "description": "Don't deploy before this date (UTC).", "example": "{{deploy-not-before}}", "in": "query", "name": "deploy-not-before", "schema": { "example": "2021-01-31", "type": "string" }, "x-akamai": { "file-path": "parameters/deploy-not-before-query.yaml" } }, { "description": "For customers who manage more than one account, this [runs the operation from another account](https://techdocs.akamai.com/developer/docs/manage-many-accounts-with-one-api-client). The Identity and Access Management API provides a [list of available account switch keys](https://techdocs.akamai.com/iam-api/reference/get-client-account-switch-keys).", "example": "{{accountSwitchKey}}", "in": "query", "name": "accountSwitchKey", "required": false, "schema": { "example": "1-5C0YLB:1-8BYUX", "type": "string" } } ] }, "get": { "description": "A list of the names of each enrollment.", "operationId": "get-enrollments", "summary": "List enrollments", "tags": [ "Enrollments" ], "externalDocs": { "description": "See documentation for this operation in Akamai's Certificate Provisioning System API", "url": "https://techdocs.akamai.com/cps/reference/get-enrollments" }, "responses": { "200": { "description": "Success.", "content": { "application/vnd.akamai.cps.enrollments.v11+json": { "example": { "enrollments": [ { "autoRenewalStartTime": null, "certificateChainType": "default", "certificateType": "third-party", "changeManagement": true, "enableMultiStackedCertificates": false, "id": "10001", "location": "/cps-api/enrollments/10001", "maxAllowedSanNames": 100, "maxAllowedWildcardSanNames": 100, "orgId": "645263546", "ra": "third-party", "signatureAlgorithm": null, "validationType": "third-party", "assignedSlots": [ 1234 ], "slots": [ 1234 ], "stagingSlots": [ 1234 ], "adminContact": { "addressLineOne": "150 Broadway", "addressLineTwo": null, "city": "Cambridge", "country": "US", "email": "email@example.com", "firstName": "R1", "lastName": "D1", "organizationName": "Akamai", "phone": "617-555-0111", "postalCode": "02142", "region": "MA", "title": "Adminstrator" }, "csr": { "c": "US", "cn": "www.example.com", "l": "Cambridge", "o": "Akamai", "ou": "WebEx", "preferredTrustChain": "dst-root-ca-x3", "st": "MA", "sans": [ "san1.example.com", "san2.example.com", "san3.example.com", "www.example.com" ] }, "networkConfiguration": { "geography": "core", "mustHaveCiphers": "ak-akamai-2020q1", "ocspStapling": "on", "preferredCiphers": "ak-akamai-2020q1", "quicEnabled": false, "secureNetwork": "enhanced-tls", "sniOnly": true, "disallowedTlsVersions": [ "TLSv1", "TLSv1_1" ], "clientMutualAuthentication": { "setId": "Custom_CPS-6134b_B-3-1AHBENT.xml", "authenticationOptions": { "sendCaListToClient": false, "ocsp": { "enabled": false } } }, "dnsNameSettings": { "cloneDnsNames": false, "dnsNames": [ "san2.example.com", "san1.example.com" ] } }, "org": { "addressLineOne": "150 Broadway", "addressLineTwo": null, "city": "Cambridge", "country": "US", "name": "Akamai Technologies", "phone": "617-555-0111", "postalCode": "02142", "region": "MA" }, "techContact": { "addressLineOne": "150 Broadway", "addressLineTwo": null, "city": "Cambridge", "country": "US", "email": "email@example.com", "firstName": "R2", "lastName": "D2", "organizationName": "Akamai", "phone": "617-555-0111", "postalCode": "02142", "region": "MA", "title": "Technical Engineer" }, "thirdParty": { "excludeSans": false }, "pendingChanges": [ { "changeType": "new-certificate", "location": "/cps-api/enrollments/10001/changes/10002" } ] } ] }, "schema": { "additionalProperties": false, "type": "object", "required": [ "enrollments" ], "properties": { "enrollments": { "description": "The actual list of enrollments.", "type": "array", "items": { "additionalProperties": false, "description": "An enrollment displays all the information about the process that your certificate goes through from the time you request it, through renewal, and as you obtain subsequent versions. CPS is a certificate life cycle management tool. Once you obtain a certificate, you use it until it expires, in most cases a year from the date the CA issued the certificate. CPS automatically starts the renewal process 90 days before the old certificate expires. It then automatically deploys the renewed certificate when it receives it from the CA.", "type": "object", "required": [ "certificateType", "changeManagement", "csr", "enableMultiStackedCertificates", "networkConfiguration", "ra", "validationType" ], "properties": { "adminContact": { "additionalProperties": false, "description": "Contact information for the certificate administrator that you want to use as a contact at your company.", "nullable": true, "type": "object", "properties": { "addressLineOne": { "description": "The address of your organization.", "nullable": true, "type": "string" }, "addressLineTwo": { "description": "The address of your organization.", "nullable": true, "type": "string" }, "city": { "description": "The city where your organization resides.", "nullable": true, "type": "string" }, "country": { "description": "The country where your organization resides.", "nullable": true, "type": "string" }, "email": { "description": "The email address of the administrator who you want to use as a contact at your company.", "nullable": true, "type": "string" }, "firstName": { "description": "The first name of the administrator who you want to use as a contact at your company.", "nullable": true, "type": "string" }, "lastName": { "description": "The last name of the administrator who you want to use as a contact at your company.", "nullable": true, "type": "string" }, "organizationName": { "description": "The name of your organization.", "nullable": true, "type": "string" }, "phone": { "description": "The phone number of your organization.", "nullable": true, "type": "string" }, "postalCode": { "description": "The postal code of your organization.", "nullable": true, "type": "string" }, "region": { "description": "The region of your organization, typically a state or province.", "nullable": true, "type": "string" }, "title": { "description": "The title of the administrator who you want to use as a contact at your company.", "nullable": true, "type": "string" } } }, "assignedSlots": { "description": "Slots where the certificate either will be deployed or is already deployed.", "nullable": true, "type": "array", "items": { "type": "integer" } }, "autoRenewalStartTime": { "description": "The specific date on which the renewal automatically starts for the enrollment.", "nullable": true, "type": "string" }, "certificateChainType": { "description": "Certificate trust chain type.", "nullable": true, "type": "string", "enum": [ "default", "symantec1kroot" ] }, "certificateType": { "description": "Either `san`, `single`, `wildcard`, `wildcard-san`, or `third-party`. See [Enrollment.validationType Values](#validationtype) for details.", "type": "string", "enum": [ "san", "single", "wildcard", "wildcard-san", "third-party" ] }, "changeManagement": { "description": "If you turn change management on for an enrollment, it stops CPS from deploying the certificate to the network until you acknowledge that you are ready to deploy the certificate. You can test the certificate outside of CPS, on the Edge Staging Network (ESN), to make sure it works in your environment and then deploy the certificate. The ESN is a small network of Akamai edge servers built to simulate Akamai's production network to test most of your site or application functionality with current production version configuration options and functions. For more information on the ESN, see the [Edge Staging Network User Guide](https://control.akamai.com/dl/customers/other/EDGESERV/ESN-User-Guide.pdf). You can also contact your account representative with questions or issues with your service on the ESN.", "type": "boolean" }, "csr": { "additionalProperties": false, "description": "When you create an enrollment, you also generate a certificate signing request (CSR) using CPS. CPS signs the CSR with the private key. The CSR contains all the information the CA needs to issue your certificate.", "type": "object", "required": [ "cn" ], "properties": { "c": { "description": "The country code for the country where your organization is located.", "nullable": true, "type": "string" }, "cn": { "description": "The common name (CN) you want to use for the certificate in the Common Name field. The domain name you specify here must be owned or have legal rights to use the domain by the company you enter in the Organization field in this tab. The company that owns the domain name must be a legally incorporated entity and be active and in good standing.", "type": "string" }, "l": { "description": "Your city in the locality (city).", "nullable": true, "type": "string" }, "o": { "description": "The name of your company or organization. Enter the name as it appears in all legal documents and as it appears in the legal entity filing.", "nullable": true, "type": "string" }, "ou": { "description": "Your organizational unit.", "nullable": true, "type": "string" }, "preferredTrustChain": { "description": "For the Let's Encrypt Domain Validated (DV) SAN certificates, the customer may select one of the trust chain options supported by Let's Encrypt, or not fill out this field. The preferred trust chain will be included by CPS with the leaf certificate in the TLS handshake. If the field does not have a value, whichever trust chain Akamai chooses will be used by default.", "nullable": true, "type": "string" }, "sans": { "description": "Additional common names (CN) to create a Subject Alternative Names (SAN) list.", "nullable": true, "type": "array", "items": { "type": "string" } }, "st": { "description": "Your state or province.", "nullable": true, "type": "string" } } }, "enableMultiStackedCertificates": { "description": "Enable Dual-Stacked certificate deployment for this enrollment.", "type": "boolean" }, "id": { "description": "The unique identifier of the enrollment.", "nullable": true, "type": "string" }, "location": { "description": "The URI path to the enrollment. The last segment of the URI path serves as a unique identifier for the enrollment.", "nullable": true, "type": "string" }, "maxAllowedSanNames": { "description": "Maximum number of SAN names supported for this enrollment type.", "nullable": true, "type": "integer" }, "maxAllowedWildcardSanNames": { "description": "Maximum number of Wildcard SAN names supported for this enrollment type.", "nullable": true, "type": "integer" }, "networkConfiguration": { "additionalProperties": false, "description": "Settings that specify any network information and TLS Metadata you want CPS to use to push the completed certificate to the network.", "type": "object", "required": [ "geography", "quicEnabled", "secureNetwork", "sniOnly" ], "properties": { "clientMutualAuthentication": { "additionalProperties": false, "description": "The configuration for client mutual authentication. Specifies the trust chain that is used to verify client certificates and some configuration options.", "nullable": true, "type": "object", "properties": { "authenticationOptions": { "additionalProperties": false, "description": "Contains the configuration options for the selected trust chain.", "nullable": true, "type": "object", "properties": { "ocsp": { "additionalProperties": false, "description": "Whether you want to enable OCSP stapling for client certificates.", "nullable": true, "type": "object", "properties": { "enabled": { "description": "Whether the OCSP stapling is enabled.", "nullable": true, "type": "boolean" } } }, "sendCaListToClient": { "description": "Whether you want to enable the server to send the certificate authority (CA) list to the client.", "nullable": true, "type": "boolean" } } }, "setId": { "description": "The identifier of the set of trust chains, created in the Trust Chain Manager.", "nullable": true, "type": "string" } } }, "disallowedTlsVersions": { "description": "Specify the TLS protocol versions you want to disallow.", "nullable": true, "type": "array", "items": { "type": "string" } }, "dnsNameSettings": { "additionalProperties": false, "description": "DNS name settings.", "nullable": true, "type": "object", "required": [ "cloneDnsNames" ], "properties": { "cloneDnsNames": { "description": "Enable if you want CPS to direct traffic using all the SANs listed in the SANs parameter when you created your enrollment.", "type": "boolean" }, "dnsNames": { "description": "Names served by SNI-only enabled enrollments.", "nullable": true, "type": "array", "items": { "type": "string" } } } }, "geography": { "description": "Use `core` to specify worldwide (includes China and Russia), `china+core` to specify worldwide and China, and 'russia+core` to specify worldwide and Russia. You can only use this setting to include China and Russia if your Akamai contract specifies your ability to do so and you have approval from the Chinese and Russian government.", "type": "string", "enum": [ "core", "china+core", "russia+core" ] }, "mustHaveCiphers": { "description": "Ciphers that you definitely want to include for your enrollment while deploying it on the network. Defaults to `ak-akamai-default` when it is not set.", "nullable": true, "type": "string" }, "ocspStapling": { "description": "Enable OCSP stapling for the enrollment. OCSP Stapling improves performance by including a valid OCSP response in every TLS handshake. Specify OCSP Stapling if you want to improve performance by allowing the visitors to your site to query the Online Certificate Status Protocol (OCSP) server at regular intervals to obtain a signed time-stamped OCSP response. This response must be signed by the CA, not the server, therefore ensuring security. Disable OSCP Stapling if you want visitors to your site to contact the CA directly for an OSCP response. OCSP allows you to obtain the revocation status of a certificate. We recommend all customers enable this feature. Use `on`, `off` or `not-set`.", "nullable": true, "type": "string", "enum": [ "on", "off", "not-set" ] }, "preferredCiphers": { "description": "Ciphers that you preferably want to include for your enrollment while deploying it on the network. Defaults to `ak-akamai-default` when it is not set.", "nullable": true, "type": "string" }, "quicEnabled": { "description": "Set to true to enable QUIC protocol.", "type": "boolean" }, "secureNetwork": { "description": "Set the type of deployment network you want to use. Set Standard TLS to deploy your certificate to Akamai's standard secure network. It is not PCI compliant. Set Enhanced TLS to deploy your certificate to Akamai's more secure network with PCI compliance capability.", "type": "string", "enum": [ "enhanced-tls", "standard-tls" ] }, "sniOnly": { "description": "SNI settings for your enrollment. Set to `true` to enable SNI-only for the enrollment. This setting cannot be changed once an enrollment is created.", "type": "boolean" } } }, "org": { "additionalProperties": false, "description": "Your organization information.", "nullable": true, "type": "object", "properties": { "addressLineOne": { "description": "The address of your organization.", "nullable": true, "type": "string" }, "addressLineTwo": { "description": "The address of your organization.", "nullable": true, "type": "string" }, "city": { "description": "The city where your organization resides.", "nullable": true, "type": "string" }, "country": { "description": "The country where your organization resides.", "nullable": true, "type": "string" }, "name": { "description": "The name of your organization.", "nullable": true, "type": "string" }, "phone": { "description": "The phone number of the administrator who you want to use as a contact at your company.", "nullable": true, "type": "string" }, "postalCode": { "description": "The postal code of your organization.", "nullable": true, "type": "string" }, "region": { "description": "The region where your organization resides.", "nullable": true, "type": "string" } } }, "orgId": { "description": "The Digicert unique identifier for the organization. If an orgId value is provided in a PUT or POST request, it is recommended to leave the org, techContact, and adminContact fields null.", "nullable": true, "type": "integer" }, "pendingChanges": { "description": "Returns the Changes currently pending in CPS. The last item in the array is the most recent change.", "nullable": true, "type": "array", "items": { "additionalProperties": false, "type": "object", "required": [ "location" ], "properties": { "changeType": { "description": "Pending change action.", "nullable": true, "type": "string", "enum": [ "new-certificate", "modify-certificate", "modify-san", "renewal" ] }, "location": { "description": "Location to fetch related change information.", "type": "string" } } } }, "productionSlots": { "description": "Slots where the certificate is deployed on the production network.", "nullable": true, "type": "array", "items": { "type": "integer" } }, "ra": { "description": "The registration authority or certificate authority (CA) you want to use to obtain a certificate. A CA is a trusted entity that signs certificates and can vouch for the identity of a website. Either `symantec`, `lets-encrypt`, or `third-party`.", "type": "string", "enum": [ "symantec", "lets-encrypt", "third-party" ] }, "signatureAlgorithm": { "description": "The SHA (Secure Hash Algorithm) function. NSA designed this function to produce a hash of certificate contents, which is used in a digital signature. Specify either `SHA-1` or `SHA-256`. We recommend you use SHA-256.", "nullable": true, "type": "string", "enum": [ "SHA-1", "SHA-256" ] }, "stagingSlots": { "description": "Slots where the certificate is deployed on the staging network.", "nullable": true, "type": "array", "items": { "type": "integer" } }, "techContact": { "additionalProperties": false, "description": "Contact information for an administrator at Akamai.", "nullable": true, "type": "object", "properties": { "addressLineOne": { "description": "The address for an administrator at Akamai.", "nullable": true, "type": "string" }, "addressLineTwo": { "description": "The address for an administrator at Akamai.", "nullable": true, "type": "string" }, "city": { "description": "The city for an administrator at Akamai.", "nullable": true, "type": "string" }, "country": { "description": "The country for an administrator at Akamai.", "nullable": true, "type": "string" }, "email": { "description": "The email address of the administrator who you want to use as a contact at your company.", "nullable": true, "type": "string" }, "firstName": { "description": "The first name of the technical contact who you want to use within Akamai. This is the person you work closest with at Akamai who can verify the certificate request. This is the person the CA calls if there are any issues with the certificate and they cannot reach the administrator.", "nullable": true, "type": "string" }, "lastName": { "description": "The last name of the technical contact who you want to use within Akamai.", "nullable": true, "type": "string" }, "organizationName": { "description": "The name of your organization in Akamai where your technical contact works.", "nullable": true, "type": "string" }, "phone": { "description": "The phone number of the technical contact who you want to use within Akamai.", "nullable": true, "type": "string" }, "postalCode": { "description": "The postal code for an administrator at Akamai.", "nullable": true, "type": "string" }, "region": { "description": "The region for an administrator at Akamai.", "nullable": true, "type": "string" }, "title": { "description": "The title for an administrator at Akamai.", "nullable": true, "type": "string" } } }, "thirdParty": { "additionalProperties": false, "description": "Specifies that you want to use a third party certificate. This is any certificate that is not issued through CPS.", "nullable": true, "type": "object", "required": [ "excludeSans" ], "properties": { "excludeSans": { "description": "If this is true, then the SANs in the enrollment do not appear in the CSR that CPS submits to the CA.", "type": "boolean" } } }, "validationType": { "description": "There are three types of validation. Domain Validation (DV), which is the lowest level of validation. The CA validates that you have control of the domain. CPS supports DV certificates issued by Let's Encrypt, a free, automated, and open CA, run for public benefit. Organization Validation (OV), which is the next level of validation. The CA validates that you have control of the domain. Extended Validation (EV), which is the highest level of validation in which you must have signed letters and notaries sent to the CA before signing. You can also specify third party as a type of validation, if you want to use a signed certificate obtained by you from a CA not supported by CPS. Either `dv`, `ev`, `ov`, or `third-party`.", "type": "string", "enum": [ "dv", "ev", "ov", "third-party" ] } }, "x-akamai": { "file-path": "schemas/enrollment.v11.yaml" } } } }, "x-akamai": { "file-path": "schemas/enrollments.v11.yaml" } } } } } }, "parameters": [ { "description": "Specify the contract on which to operate or view.", "example": "{{contractId}}", "in": "query", "name": "contractId", "required": true, "schema": { "example": "1-1TJZH5", "type": "string" }, "x-akamai": { "file-path": "parameters/contractId-query.yaml" } }, { "description": "For customers who manage more than one account, this [runs the operation from another account](https://techdocs.akamai.com/developer/docs/manage-many-accounts-with-one-api-client). The Identity and Access Management API provides a [list of available account switch keys](https://techdocs.akamai.com/iam-api/reference/get-client-account-switch-keys).", "example": "{{accountSwitchKey}}", "in": "query", "name": "accountSwitchKey", "required": false, "schema": { "example": "1-5C0YLB:1-8BYUX", "type": "string" } } ] } }, "/enrollments/{enrollmentId}": { "get": { "description": "Gets an enrollment.", "operationId": "get-enrollment", "summary": "Get an enrollment", "tags": [ "Enrollments" ], "externalDocs": { "description": "See documentation for this operation in Akamai's Certificate Provisioning System API", "url": "https://techdocs.akamai.com/cps/reference/get-enrollment" }, "responses": { "200": { "description": "Successful response.", "content": { "application/vnd.akamai.cps.enrollment.v11+json": { "example": { "autoRenewalStartTime": null, "certificateChainType": "default", "certificateType": "third-party", "changeManagement": true, "enableMultiStackedCertificates": false, "id": "10001", "location": "/cps-api/enrollments/10001", "maxAllowedSanNames": 100, "maxAllowedWildcardSanNames": 100, "orgId": "645263546", "ra": "third-party", "signatureAlgorithm": null, "validationType": "third-party", "assignedSlots": [ 1234 ], "productionSlots": [ 1234 ], "stagingSlots": [ 1234 ], "adminContact": { "addressLineOne": "150 Broadway", "addressLineTwo": null, "city": "Cambridge", "country": "US", "email": "email@example.com", "firstName": "R1", "lastName": "D1", "organizationName": "Akamai", "phone": "617-555-0111", "postalCode": "02142", "region": "MA", "title": "Adminstrator" }, "csr": { "c": "US", "cn": "www.example.com", "l": "Cambridge", "o": "Akamai", "ou": "WebEx", "preferredTrustChain": "dst-root-ca-x3", "st": "MA", "sans": [ "san1.example.com", "san2.example.com", "san3.example.com", "www.example.com" ] }, "networkConfiguration": { "geography": "core", "mustHaveCiphers": "ak-akamai-2020q1", "ocspStapling": "on", "preferredCiphers": "ak-akamai-2020q1", "quicEnabled": false, "secureNetwork": "enhanced-tls", "sniOnly": true, "disallowedTlsVersions": [ "TLSv1", "TLSv1_1" ], "clientMutualAuthentication": { "setId": "Custom_CPS-6134b_B-3-1AHBENT.xml", "authenticationOptions": { "sendCaListToClient": false, "ocsp": { "enabled": false } } }, "dnsNameSettings": { "cloneDnsNames": false, "dnsNames": [ "san2.example.com", "san1.example.com" ] } }, "org": { "addressLineOne": "150 Broadway", "addressLineTwo": null, "city": "Cambridge", "country": "US", "name": "Akamai Technologies", "phone": "617-555-0111", "postalCode": "02142", "region": "MA" }, "techContact": { "addressLineOne": "150 Broadway", "addressLineTwo": null, "city": "Cambridge", "country": "US", "email": "email@example.com", "firstName": "R2", "lastName": "D2", "organizationName": "Akamai", "phone": "617-555-0111", "postalCode": "02142", "region": "MA", "title": "Technical Engineer" }, "thirdParty": { "excludeSans": false }, "pendingChanges": [ { "changeType": "new-certificate", "location": "/cps-api/enrollments/10001/changes/10002" } ] }, "schema": { "additionalProperties": false, "description": "An enrollment displays all the information about the process that your certificate goes through from the time you request it, through renewal, and as you obtain subsequent versions. CPS is a certificate life cycle management tool. Once you obtain a certificate, you use it until it expires, in most cases a year from the date the CA issued the certificate. CPS automatically starts the renewal process 90 days before the old certificate expires. It then automatically deploys the renewed certificate when it receives it from the CA.", "type": "object", "required": [ "certificateType", "changeManagement", "csr", "enableMultiStackedCertificates", "networkConfiguration", "ra", "validationType" ], "properties": { "adminContact": { "additionalProperties": false, "description": "Contact information for the certificate administrator that you want to use as a contact at your company.", "nullable": true, "type": "object", "properties": { "addressLineOne": { "description": "The address of your organization.", "nullable": true, "type": "string" }, "addressLineTwo": { "description": "The address of your organization.", "nullable": true, "type": "string" }, "city": { "description": "The city where your organization resides.", "nullable": true, "type": "string" }, "country": { "description": "The country where your organization resides.", "nullable": true, "type": "string" }, "email": { "description": "The email address of the administrator who you want to use as a contact at your company.", "nullable": true, "type": "string" }, "firstName": { "description": "The first name of the administrator who you want to use as a contact at your company.", "nullable": true, "type": "string" }, "lastName": { "description": "The last name of the administrator who you want to use as a contact at your company.", "nullable": true, "type": "string" }, "organizationName": { "description": "The name of your organization.", "nullable": true, "type": "string" }, "phone": { "description": "The phone number of your organization.", "nullable": true, "type": "string" }, "postalCode": { "description": "The postal code of your organization.", "nullable": true, "type": "string" }, "region": { "description": "The region of your organization, typically a state or province.", "nullable": true, "type": "string" }, "title": { "description": "The title of the administrator who you want to use as a contact at your company.", "nullable": true, "type": "string" } } }, "assignedSlots": { "description": "Slots where the certificate either will be deployed or is already deployed.", "nullable": true, "type": "array", "items": { "type": "integer" } }, "autoRenewalStartTime": { "description": "The specific date on which the renewal automatically starts for the enrollment.", "nullable": true, "type": "string" }, "certificateChainType": { "description": "Certificate trust chain type.", "nullable": true, "type": "string", "enum": [ "default", "symantec1kroot" ] }, "certificateType": { "description": "Either `san`, `single`, `wildcard`, `wildcard-san`, or `third-party`. See [Enrollment.validationType Values](#validationtype) for details.", "type": "string", "enum": [ "san", "single", "wildcard", "wildcard-san", "third-party" ] }, "changeManagement": { "description": "If you turn change management on for an enrollment, it stops CPS from deploying the certificate to the network until you acknowledge that you are ready to deploy the certificate. You can test the certificate outside of CPS, on the Edge Staging Network (ESN), to make sure it works in your environment and then deploy the certificate. The ESN is a small network of Akamai edge servers built to simulate Akamai's production network to test most of your site or application functionality with current production version configuration options and functions. For more information on the ESN, see the [Edge Staging Network User Guide](https://control.akamai.com/dl/customers/other/EDGESERV/ESN-User-Guide.pdf). You can also contact your account representative with questions or issues with your service on the ESN.", "type": "boolean" }, "csr": { "additionalProperties": false, "description": "When you create an enrollment, you also generate a certificate signing request (CSR) using CPS. CPS signs the CSR with the private key. The CSR contains all the information the CA needs to issue your certificate.", "type": "object", "required": [ "cn" ], "properties": { "c": { "description": "The country code for the country where your organization is located.", "nullable": true, "type": "string" }, "cn": { "description": "The common name (CN) you want to use for the certificate in the Common Name field. The domain name you specify here must be owned or have legal rights to use the domain by the company you enter in the Organization field in this tab. The company that owns the domain name must be a legally incorporated entity and be active and in good standing.", "type": "string" }, "l": { "description": "Your city in the locality (city).", "nullable": true, "type": "string" }, "o": { "description": "The name of your company or organization. Enter the name as it appears in all legal documents and as it appears in the legal entity filing.", "nullable": true, "type": "string" }, "ou": { "description": "Your organizational unit.", "nullable": true, "type": "string" }, "preferredTrustChain": { "description": "For the Let's Encrypt Domain Validated (DV) SAN certificates, the customer may select one of the trust chain options supported by Let's Encrypt, or not fill out this field. The preferred trust chain will be included by CPS with the leaf certificate in the TLS handshake. If the field does not have a value, whichever trust chain Akamai chooses will be used by default.", "nullable": true, "type": "string" }, "sans": { "description": "Additional common names (CN) to create a Subject Alternative Names (SAN) list.", "nullable": true, "type": "array", "items": { "type": "string" } }, "st": { "description": "Your state or province.", "nullable": true, "type": "string" } } }, "enableMultiStackedCertificates": { "description": "Enable Dual-Stacked certificate deployment for this enrollment.", "type": "boolean" }, "id": { "description": "The unique identifier of the enrollment.", "nullable": true, "type": "string" }, "location": { "description": "The URI path to the enrollment. The last segment of the URI path serves as a unique identifier for the enrollment.", "nullable": true, "type": "string" }, "maxAllowedSanNames": { "description": "Maximum number of SAN names supported for this enrollment type.", "nullable": true, "type": "integer" }, "maxAllowedWildcardSanNames": { "description": "Maximum number of Wildcard SAN names supported for this enrollment type.", "nullable": true, "type": "integer" }, "networkConfiguration": { "additionalProperties": false, "description": "Settings that specify any network information and TLS Metadata you want CPS to use to push the completed certificate to the network.", "type": "object", "required": [ "geography", "quicEnabled", "secureNetwork", "sniOnly" ], "properties": { "clientMutualAuthentication": { "additionalProperties": false, "description": "The configuration for client mutual authentication. Specifies the trust chain that is used to verify client certificates and some configuration options.", "nullable": true, "type": "object", "properties": { "authenticationOptions": { "additionalProperties": false, "description": "Contains the configuration options for the selected trust chain.", "nullable": true, "type": "object", "properties": { "ocsp": { "additionalProperties": false, "description": "Whether you want to enable OCSP stapling for client certificates.", "nullable": true, "type": "object", "properties": { "enabled": { "description": "Whether the OCSP stapling is enabled.", "nullable": true, "type": "boolean" } } }, "sendCaListToClient": { "description": "Whether you want to enable the server to send the certificate authority (CA) list to the client.", "nullable": true, "type": "boolean" } } }, "setId": { "description": "The identifier of the set of trust chains, created in the Trust Chain Manager.", "nullable": true, "type": "string" } } }, "disallowedTlsVersions": { "description": "Specify the TLS protocol versions you want to disallow.", "nullable": true, "type": "array", "items": { "type": "string" } }, "dnsNameSettings": { "additionalProperties": false, "description": "DNS name settings.", "nullable": true, "type": "object", "required": [ "cloneDnsNames" ], "properties": { "cloneDnsNames": { "description": "Enable if you want CPS to direct traffic using all the SANs listed in the SANs parameter when you created your enrollment.", "type": "boolean" }, "dnsNames": { "description": "Names served by SNI-only enabled enrollments.", "nullable": true, "type": "array", "items": { "type": "string" } } } }, "geography": { "description": "Use `core` to specify worldwide (includes China and Russia), `china+core` to specify worldwide and China, and 'russia+core` to specify worldwide and Russia. You can only use this setting to include China and Russia if your Akamai contract specifies your ability to do so and you have approval from the Chinese and Russian government.", "type": "string", "enum": [ "core", "china+core", "russia+core" ] }, "mustHaveCiphers": { "description": "Ciphers that you definitely want to include for your enrollment while deploying it on the network. Defaults to `ak-akamai-default` when it is not set.", "nullable": true, "type": "string" }, "ocspStapling": { "description": "Enable OCSP stapling for the enrollment. OCSP Stapling improves performance by including a valid OCSP response in every TLS handshake. Specify OCSP Stapling if you want to improve performance by allowing the visitors to your site to query the Online Certificate Status Protocol (OCSP) server at regular intervals to obtain a signed time-stamped OCSP response. This response must be signed by the CA, not the server, therefore ensuring security. Disable OSCP Stapling if you want visitors to your site to contact the CA directly for an OSCP response. OCSP allows you to obtain the revocation status of a certificate. We recommend all customers enable this feature. Use `on`, `off` or `not-set`.", "nullable": true, "type": "string", "enum": [ "on", "off", "not-set" ] }, "preferredCiphers": { "description": "Ciphers that you preferably want to include for your enrollment while deploying it on the network. Defaults to `ak-akamai-default` when it is not set.", "nullable": true, "type": "string" }, "quicEnabled": { "description": "Set to true to enable QUIC protocol.", "type": "boolean" }, "secureNetwork": { "description": "Set the type of deployment network you want to use. Set Standard TLS to deploy your certificate to Akamai's standard secure network. It is not PCI compliant. Set Enhanced TLS to deploy your certificate to Akamai's more secure network with PCI compliance capability.", "type": "string", "enum": [ "enhanced-tls", "standard-tls" ] }, "sniOnly": { "description": "SNI settings for your enrollment. Set to `true` to enable SNI-only for the enrollment. This setting cannot be changed once an enrollment is created.", "type": "boolean" } } }, "org": { "additionalProperties": false, "description": "Your organization information.", "nullable": true, "type": "object", "properties": { "addressLineOne": { "description": "The address of your organization.", "nullable": true, "type": "string" }, "addressLineTwo": { "description": "The address of your organization.", "nullable": true, "type": "string" }, "city": { "description": "The city where your organization resides.", "nullable": true, "type": "string" }, "country": { "description": "The country where your organization resides.", "nullable": true, "type": "string" }, "name": { "description": "The name of your organization.", "nullable": true, "type": "string" }, "phone": { "description": "The phone number of the administrator who you want to use as a contact at your company.", "nullable": true, "type": "string" }, "postalCode": { "description": "The postal code of your organization.", "nullable": true, "type": "string" }, "region": { "description": "The region where your organization resides.", "nullable": true, "type": "string" } } }, "orgId": { "description": "The Digicert unique identifier for the organization. If an orgId value is provided in a PUT or POST request, it is recommended to leave the org, techContact, and adminContact fields null.", "nullable": true, "type": "integer" }, "pendingChanges": { "description": "Returns the Changes currently pending in CPS. The last item in the array is the most recent change.", "nullable": true, "type": "array", "items": { "additionalProperties": false, "type": "object", "required": [ "location" ], "properties": { "changeType": { "description": "Pending change action.", "nullable": true, "type": "string", "enum": [ "new-certificate", "modify-certificate", "modify-san", "renewal" ] }, "location": { "description": "Location to fetch related change information.", "type": "string" } } } }, "productionSlots": { "description": "Slots where the certificate is deployed on the production network.", "nullable": true, "type": "array", "items": { "type": "integer" } }, "ra": { "description": "The registration authority or certificate authority (CA) you want to use to obtain a certificate. A CA is a trusted entity that signs certificates and can vouch for the identity of a website. Either `symantec`, `lets-encrypt`, or `third-party`.", "type": "string", "enum": [ "symantec", "lets-encrypt", "third-party" ] }, "signatureAlgorithm": { "description": "The SHA (Secure Hash Algorithm) function. NSA designed this function to produce a hash of certificate contents, which is used in a digital signature. Specify either `SHA-1` or `SHA-256`. We recommend you use SHA-256.", "nullable": true, "type": "string", "enum": [ "SHA-1", "SHA-256" ] }, "stagingSlots": { "description": "Slots where the certificate is deployed on the staging network.", "nullable": true, "type": "array", "items": { "type": "integer" } }, "techContact": { "additionalProperties": false, "description": "Contact information for an administrator at Akamai.", "nullable": true, "type": "object", "properties": { "addressLineOne": { "description": "The address for an administrator at Akamai.", "nullable": true, "type": "string" }, "addressLineTwo": { "description": "The address for an administrator at Akamai.", "nullable": true, "type": "string" }, "city": { "description": "The city for an administrator at Akamai.", "nullable": true, "type": "string" }, "country": { "description": "The country for an administrator at Akamai.", "nullable": true, "type": "string" }, "email": { "description": "The email address of the administrator who you want to use as a contact at your company.", "nullable": true, "type": "string" }, "firstName": { "description": "The first name of the technical contact who you want to use within Akamai. This is the person you work closest with at Akamai who can verify the certificate request. This is the person the CA calls if there are any issues with the certificate and they cannot reach the administrator.", "nullable": true, "type": "string" }, "lastName": { "description": "The last name of the technical contact who you want to use within Akamai.", "nullable": true, "type": "string" }, "organizationName": { "description": "The name of your organization in Akamai where your technical contact works.", "nullable": true, "type": "string" }, "phone": { "description": "The phone number of the technical contact who you want to use within Akamai.", "nullable": true, "type": "string" }, "postalCode": { "description": "The postal code for an administrator at Akamai.", "nullable": true, "type": "string" }, "region": { "description": "The region for an administrator at Akamai.", "nullable": true, "type": "string" }, "title": { "description": "The title for an administrator at Akamai.", "nullable": true, "type": "string" } } }, "thirdParty": { "additionalProperties": false, "description": "Specifies that you want to use a third party certificate. This is any certificate that is not issued through CPS.", "nullable": true, "type": "object", "required": [ "excludeSans" ], "properties": { "excludeSans": { "description": "If this is true, then the SANs in the enrollment do not appear in the CSR that CPS submits to the CA.", "type": "boolean" } } }, "validationType": { "description": "There are three types of validation. Domain Validation (DV), which is the lowest level of validation. The CA validates that you have control of the domain. CPS supports DV certificates issued by Let's Encrypt, a free, automated, and open CA, run for public benefit. Organization Validation (OV), which is the next level of validation. The CA validates that you have control of the domain. Extended Validation (EV), which is the highest level of validation in which you must have signed letters and notaries sent to the CA before signing. You can also specify third party as a type of validation, if you want to use a signed certificate obtained by you from a CA not supported by CPS. Either `dv`, `ev`, `ov`, or `third-party`.", "type": "string", "enum": [ "dv", "ev", "ov", "third-party" ] } }, "x-akamai": { "file-path": "schemas/enrollment.v11.yaml" } } } } } }, "parameters": [ { "description": "For customers who manage more than one account, this [runs the operation from another account](https://techdocs.akamai.com/developer/docs/manage-many-accounts-with-one-api-client). The Identity and Access Management API provides a [list of available account switch keys](https://techdocs.akamai.com/iam-api/reference/get-client-account-switch-keys).", "example": "{{accountSwitchKey}}", "in": "query", "name": "accountSwitchKey", "required": false, "schema": { "example": "1-5C0YLB:1-8BYUX", "type": "string" } } ] }, "put": { "description": "Updates an enrollment with changes. Response type will vary depending on the type and impact of change. For example, changing SANs list may return HTTP 202 Accepted since the operation require a new certificate and network deployment operations, and thus cannot be completed without a change. On the contrary, for example a Technical Contact name change may return HTTP 200 OK assuming there are no active change and when the operation does not require a new certificate.", "operationId": "put-enrollment", "summary": "Update an enrollment", "tags": [ "Enrollments" ], "externalDocs": { "description": "See documentation for this operation in Akamai's Certificate Provisioning System API", "url": "https://techdocs.akamai.com/cps/reference/put-enrollment" }, "requestBody": { "required": true, "content": { "application/vnd.akamai.cps.enrollment.v11+json": { "example": { "autoRenewalStartTime": null, "certificateChainType": "default", "certificateType": "third-party", "changeManagement": true, "enableMultiStackedCertificates": false, "id": "10001", "location": "/cps-api/enrollments/10001", "maxAllowedSanNames": 100, "maxAllowedWildcardSanNames": 100, "orgId": "645263546", "ra": "third-party", "signatureAlgorithm": null, "validationType": "third-party", "assignedSlots": [ 1234 ], "productionSlots": [ 1234 ], "stagingSlots": [ 1234 ], "adminContact": { "addressLineOne": "150 Broadway", "addressLineTwo": null, "city": "Cambridge", "country": "US", "email": "email@example.com", "firstName": "R1", "lastName": "D1", "organizationName": "Akamai", "phone": "617-555-0111", "postalCode": "02142", "region": "MA", "title": "Adminstrator" }, "csr": { "c": "US", "cn": "www.example.com", "l": "Cambridge", "o": "Akamai", "ou": "WebEx", "preferredTrustChain": "dst-root-ca-x3", "st": "MA", "sans": [ "san1.example.com", "san2.example.com", "san3.example.com", "www.example.com" ] }, "networkConfiguration": { "geography": "core", "mustHaveCiphers": "ak-akamai-2020q1", "ocspStapling": "on", "preferredCiphers": "ak-akamai-2020q1", "quicEnabled": false, "secureNetwork": "enhanced-tls", "sniOnly": true, "disallowedTlsVersions": [ "TLSv1", "TLSv1_1" ], "clientMutualAuthentication": { "setId": "Custom_CPS-6134b_B-3-1AHBENT.xml", "authenticationOptions": { "sendCaListToClient": false, "ocsp": { "enabled": false } } }, "dnsNameSettings": { "cloneDnsNames": false, "dnsNames": [ "san2.example.com", "san1.example.com" ] } }, "org": { "addressLineOne": "150 Broadway", "addressLineTwo": null, "city": "Cambridge", "country": "US", "name": "Akamai Technologies", "phone": "617-555-0111", "postalCode": "02142", "region": "MA" }, "techContact": { "addressLineOne": "150 Broadway", "addressLineTwo": null, "city": "Cambridge", "country": "US", "email": "email@example.com", "firstName": "R2", "lastName": "D2", "organizationName": "Akamai", "phone": "617-555-0111", "postalCode": "02142", "region": "MA", "title": "Technical Engineer" }, "thirdParty": { "excludeSans": false }, "pendingChanges": [ { "changeType": "new-certificate", "location": "/cps-api/enrollments/10001/changes/10002" } ] }, "schema": { "additionalProperties": false, "description": "An enrollment displays all the information about the process that your certificate goes through from the time you request it, through renewal, and as you obtain subsequent versions. CPS is a certificate life cycle management tool. Once you obtain a certificate, you use it until it expires, in most cases a year from the date the CA issued the certificate. CPS automatically starts the renewal process 90 days before the old certificate expires. It then automatically deploys the renewed certificate when it receives it from the CA.", "type": "object", "required": [ "certificateType", "changeManagement", "csr", "enableMultiStackedCertificates", "networkConfiguration", "ra", "validationType" ], "properties": { "adminContact": { "additionalProperties": false, "description": "Contact information for the certificate administrator that you want to use as a contact at your company.", "nullable": true, "type": "object", "properties": { "addressLineOne": { "description": "The address of your organization.", "nullable": true, "type": "string" }, "addressLineTwo": { "description": "The address of your organization.", "nullable": true, "type": "string" }, "city": { "description": "The city where your organization resides.", "nullable": true, "type": "string" }, "country": { "description": "The country where your organization resides.", "nullable": true, "type": "string" }, "email": { "description": "The email address of the administrator who you want to use as a contact at your company.", "nullable": true, "type": "string" }, "firstName": { "description": "The first name of the administrator who you want to use as a contact at your company.", "nullable": true, "type": "string" }, "lastName": { "description": "The last name of the administrator who you want to use as a contact at your company.", "nullable": true, "type": "string" }, "organizationName": { "description": "The name of your organization.", "nullable": true, "type": "string" }, "phone": { "description": "The phone number of your organization.", "nullable": true, "type": "string" }, "postalCode": { "description": "The postal code of your organization.", "nullable": true, "type": "string" }, "region": { "description": "The region of your organization, typically a state or province.", "nullable": true, "type": "string" }, "title": { "description": "The title of the administrator who you want to use as a contact at your company.", "nullable": true, "type": "string" } } }, "assignedSlots": { "description": "Slots where the certificate either will be deployed or is already deployed.", "nullable": true, "type": "array", "items": { "type": "integer" } }, "autoRenewalStartTime": { "description": "The specific date on which the renewal automatically starts for the enrollment.", "nullable": true, "type": "string" }, "certificateChainType": { "description": "Certificate trust chain type.", "nullable": true, "type": "string", "enum": [ "default", "symantec1kroot" ] }, "certificateType": { "description": "Either `san`, `single`, `wildcard`, `wildcard-san`, or `third-party`. See [Enrollment.validationType Values](#validationtype) for details.", "type": "string", "enum": [ "san", "single", "wildcard", "wildcard-san", "third-party" ] }, "changeManagement": { "description": "If you turn change management on for an enrollment, it stops CPS from deploying the certificate to the network until you acknowledge that you are ready to deploy the certificate. You can test the certificate outside of CPS, on the Edge Staging Network (ESN), to make sure it works in your environment and then deploy the certificate. The ESN is a small network of Akamai edge servers built to simulate Akamai's production network to test most of your site or application functionality with current production version configuration options and functions. For more information on the ESN, see the [Edge Staging Network User Guide](https://control.akamai.com/dl/customers/other/EDGESERV/ESN-User-Guide.pdf). You can also contact your account representative with questions or issues with your service on the ESN.", "type": "boolean" }, "csr": { "additionalProperties": false, "description": "When you create an enrollment, you also generate a certificate signing request (CSR) using CPS. CPS signs the CSR with the private key. The CSR contains all the information the CA needs to issue your certificate.", "type": "object", "required": [ "cn" ], "properties": { "c": { "description": "The country code for the country where your organization is located.", "nullable": true, "type": "string" }, "cn": { "description": "The common name (CN) you want to use for the certificate in the Common Name field. The domain name you specify here must be owned or have legal rights to use the domain by the company you enter in the Organization field in this tab. The company that owns the domain name must be a legally incorporated entity and be active and in good standing.", "type": "string" }, "l": { "description": "Your city in the locality (city).", "nullable": true, "type": "string" }, "o": { "description": "The name of your company or organization. Enter the name as it appears in all legal documents and as it appears in the legal entity filing.", "nullable": true, "type": "string" }, "ou": { "description": "Your organizational unit.", "nullable": true, "type": "string" }, "preferredTrustChain": { "description": "For the Let's Encrypt Domain Validated (DV) SAN certificates, the customer may select one of the trust chain options supported by Let's Encrypt, or not fill out this field. The preferred trust chain will be included by CPS with the leaf certificate in the TLS handshake. If the field does not have a value, whichever trust chain Akamai chooses will be used by default.", "nullable": true, "type": "string" }, "sans": { "description": "Additional common names (CN) to create a Subject Alternative Names (SAN) list.", "nullable": true, "type": "array", "items": { "type": "string" } }, "st": { "description": "Your state or province.", "nullable": true, "type": "string" } } }, "enableMultiStackedCertificates": { "description": "Enable Dual-Stacked certificate deployment for this enrollment.", "type": "boolean" }, "id": { "description": "The unique identifier of the enrollment.", "nullable": true, "type": "string" }, "location": { "description": "The URI path to the enrollment. The last segment of the URI path serves as a unique identifier for the enrollment.", "nullable": true, "type": "string" }, "maxAllowedSanNames": { "description": "Maximum number of SAN names supported for this enrollment type.", "nullable": true, "type": "integer" }, "maxAllowedWildcardSanNames": { "description": "Maximum number of Wildcard SAN names supported for this enrollment type.", "nullable": true, "type": "integer" }, "networkConfiguration": { "additionalProperties": false, "description": "Settings that specify any network information and TLS Metadata you want CPS to use to push the completed certificate to the network.", "type": "object", "required": [ "geography", "quicEnabled", "secureNetwork", "sniOnly" ], "properties": { "clientMutualAuthentication": { "additionalProperties": false, "description": "The configuration for client mutual authentication. Specifies the trust chain that is used to verify client certificates and some configuration options.", "nullable": true, "type": "object", "properties": { "authenticationOptions": { "additionalProperties": false, "description": "Contains the configuration options for the selected trust chain.", "nullable": true, "type": "object", "properties": { "ocsp": { "additionalProperties": false, "description": "Whether you want to enable OCSP stapling for client certificates.", "nullable": true, "type": "object", "properties": { "enabled": { "description": "Whether the OCSP stapling is enabled.", "nullable": true, "type": "boolean" } } }, "sendCaListToClient": { "description": "Whether you want to enable the server to send the certificate authority (CA) list to the client.", "nullable": true, "type": "boolean" } } }, "setId": { "description": "The identifier of the set of trust chains, created in the Trust Chain Manager.", "nullable": true, "type": "string" } } }, "disallowedTlsVersions": { "description": "Specify the TLS protocol versions you want to disallow.", "nullable": true, "type": "array", "items": { "type": "string" } }, "dnsNameSettings": { "additionalProperties": false, "description": "DNS name settings.", "nullable": true, "type": "object", "required": [ "cloneDnsNames" ], "properties": { "cloneDnsNames": { "description": "Enable if you want CPS to direct traffic using all the SANs listed in the SANs parameter when you created your enrollment.", "type": "boolean" }, "dnsNames": { "description": "Names served by SNI-only enabled enrollments.", "nullable": true, "type": "array", "items": { "type": "string" } } } }, "geography": { "description": "Use `core` to specify worldwide (includes China and Russia), `china+core` to specify worldwide and China, and 'russia+core` to specify worldwide and Russia. You can only use this setting to include China and Russia if your Akamai contract specifies your ability to do so and you have approval from the Chinese and Russian government.", "type": "string", "enum": [ "core", "china+core", "russia+core" ] }, "mustHaveCiphers": { "description": "Ciphers that you definitely want to include for your enrollment while deploying it on the network. Defaults to `ak-akamai-default` when it is not set.", "nullable": true, "type": "string" }, "ocspStapling": { "description": "Enable OCSP stapling for the enrollment. OCSP Stapling improves performance by including a valid OCSP response in every TLS handshake. Specify OCSP Stapling if you want to improve performance by allowing the visitors to your site to query the Online Certificate Status Protocol (OCSP) server at regular intervals to obtain a signed time-stamped OCSP response. This response must be signed by the CA, not the server, therefore ensuring security. Disable OSCP Stapling if you want visitors to your site to contact the CA directly for an OSCP response. OCSP allows you to obtain the revocation status of a certificate. We recommend all customers enable this feature. Use `on`, `off` or `not-set`.", "nullable": true, "type": "string", "enum": [ "on", "off", "not-set" ] }, "preferredCiphers": { "description": "Ciphers that you preferably want to include for your enrollment while deploying it on the network. Defaults to `ak-akamai-default` when it is not set.", "nullable": true, "type": "string" }, "quicEnabled": { "description": "Set to true to enable QUIC protocol.", "type": "boolean" }, "secureNetwork": { "description": "Set the type of deployment network you want to use. Set Standard TLS to deploy your certificate to Akamai's standard secure network. It is not PCI compliant. Set Enhanced TLS to deploy your certificate to Akamai's more secure network with PCI compliance capability.", "type": "string", "enum": [ "enhanced-tls", "standard-tls" ] }, "sniOnly": { "description": "SNI settings for your enrollment. Set to `true` to enable SNI-only for the enrollment. This setting cannot be changed once an enrollment is created.", "type": "boolean" } } }, "org": { "additionalProperties": false, "description": "Your organization information.", "nullable": true, "type": "object", "properties": { "addressLineOne": { "description": "The address of your organization.", "nullable": true, "type": "string" }, "addressLineTwo": { "description": "The address of your organization.", "nullable": true, "type": "string" }, "city": { "description": "The city where your organization resides.", "nullable": true, "type": "string" }, "country": { "description": "The country where your organization resides.", "nullable": true, "type": "string" }, "name": { "description": "The name of your organization.", "nullable": true, "type": "string" }, "phone": { "description": "The phone number of the administrator who you want to use as a contact at your company.", "nullable": true, "type": "string" }, "postalCode": { "description": "The postal code of your organization.", "nullable": true, "type": "string" }, "region": { "description": "The region where your organization resides.", "nullable": true, "type": "string" } } }, "orgId": { "description": "The Digicert unique identifier for the organization. If an orgId value is provided in a PUT or POST request, it is recommended to leave the org, techContact, and adminContact fields null.", "nullable": true, "type": "integer" }, "pendingChanges": { "description": "Returns the Changes currently pending in CPS. The last item in the array is the most recent change.", "nullable": true, "type": "array", "items": { "additionalProperties": false, "type": "object", "required": [ "location" ], "properties": { "changeType": { "description": "Pending change action.", "nullable": true, "type": "string", "enum": [ "new-certificate", "modify-certificate", "modify-san", "renewal" ] }, "location": { "description": "Location to fetch related change information.", "type": "string" } } } }, "productionSlots": { "description": "Slots where the certificate is deployed on the production network.", "nullable": true, "type": "array", "items": { "type": "integer" } }, "ra": { "description": "The registration authority or certificate authority (CA) you want to use to obtain a certificate. A CA is a trusted entity that signs certificates and can vouch for the identity of a website. Either `symantec`, `lets-encrypt`, or `third-party`.", "type": "string", "enum": [ "symantec", "lets-encrypt", "third-party" ] }, "signatureAlgorithm": { "description": "The SHA (Secure Hash Algorithm) function. NSA designed this function to produce a hash of certificate contents, which is used in a digital signature. Specify either `SHA-1` or `SHA-256`. We recommend you use SHA-256.", "nullable": true, "type": "string", "enum": [ "SHA-1", "SHA-256" ] }, "stagingSlots": { "description": "Slots where the certificate is deployed on the staging network.", "nullable": true, "type": "array", "items": { "type": "integer" } }, "techContact": { "additionalProperties": false, "description": "Contact information for an administrator at Akamai.", "nullable": true, "type": "object", "properties": { "addressLineOne": { "description": "The address for an administrator at Akamai.", "nullable": true, "type": "string" }, "addressLineTwo": { "description": "The address for an administrator at Akamai.", "nullable": true, "type": "string" }, "city": { "description": "The city for an administrator at Akamai.", "nullable": true, "type": "string" }, "country": { "description": "The country for an administrator at Akamai.", "nullable": true, "type": "string" }, "email": { "description": "The email address of the administrator who you want to use as a contact at your company.", "nullable": true, "type": "string" }, "firstName": { "description": "The first name of the technical contact who you want to use within Akamai. This is the person you work closest with at Akamai who can verify the certificate request. This is the person the CA calls if there are any issues with the certificate and they cannot reach the administrator.", "nullable": true, "type": "string" }, "lastName": { "description": "The last name of the technical contact who you want to use within Akamai.", "nullable": true, "type": "string" }, "organizationName": { "description": "The name of your organization in Akamai where your technical contact works.", "nullable": true, "type": "string" }, "phone": { "description": "The phone number of the technical contact who you want to use within Akamai.", "nullable": true, "type": "string" }, "postalCode": { "description": "The postal code for an administrator at Akamai.", "nullable": true, "type": "string" }, "region": { "description": "The region for an administrator at Akamai.", "nullable": true, "type": "string" }, "title": { "description": "The title for an administrator at Akamai.", "nullable": true, "type": "string" } } }, "thirdParty": { "additionalProperties": false, "description": "Specifies that you want to use a third party certificate. This is any certificate that is not issued through CPS.", "nullable": true, "type": "object", "required": [ "excludeSans" ], "properties": { "excludeSans": { "description": "If this is true, then the SANs in the enrollment do not appear in the CSR that CPS submits to the CA.", "type": "boolean" } } }, "validationType": { "description": "There are three types of validation. Domain Validation (DV), which is the lowest level of validation. The CA validates that you have control of the domain. CPS supports DV certificates issued by Let's Encrypt, a free, automated, and open CA, run for public benefit. Organization Validation (OV), which is the next level of validation. The CA validates that you have control of the domain. Extended Validation (EV), which is the highest level of validation in which you must have signed letters and notaries sent to the CA before signing. You can also specify third party as a type of validation, if you want to use a signed certificate obtained by you from a CA not supported by CPS. Either `dv`, `ev`, `ov`, or `third-party`.", "type": "string", "enum": [ "dv", "ev", "ov", "third-party" ] } }, "x-akamai": { "file-path": "schemas/enrollment.v11.yaml" } } } } }, "responses": { "200": { "description": "Successful response.", "content": { "application/vnd.akamai.cps.enrollment-status.v1+json": { "example": { "enrollment": "/cps/v2/enrollments/10002", "changes": [ "/cps/v2/enrollments/10002/changes/10002" ] }, "schema": { "additionalProperties": false, "type": "object", "required": [ "changes", "enrollment" ], "properties": { "changes": { "type": "array", "items": { "type": "string" } }, "enrollment": { "type": "string" } }, "x-akamai": { "file-path": "schemas/enrollment-status.v1.yaml" } } } } }, "202": { "description": "Resource successfully accepted.", "content": { "application/vnd.akamai.cps.enrollment-status.v1+json": { "example": { "enrollment": "/cps/v2/enrollments/10002", "changes": [ "/cps/v2/enrollments/10002/changes/10002" ] }, "schema": { "additionalProperties": false, "type": "object", "required": [ "changes", "enrollment" ], "properties": { "changes": { "type": "array", "items": { "type": "string" } }, "enrollment": { "type": "string" } }, "x-akamai": { "file-path": "schemas/enrollment-status.v1.yaml" } } } } } }, "parameters": [ { "description": "All pending changes to be cancelled when updating an enrollment.", "example": "{{allow-cancel-pending-changes}}", "in": "query", "name": "allow-cancel-pending-changes", "schema": { "example": true, "type": "boolean" }, "x-akamai": { "file-path": "parameters/allow-cancel-pending-changes-query.yaml" } }, { "description": "Bypass staging and push meta-data updates directly to production network. Current change will also be updated with the same changes.", "example": "{{allow-staging-bypass}}", "in": "query", "name": "allow-staging-bypass", "schema": { "example": true, "type": "boolean" }, "x-akamai": { "file-path": "parameters/allow-staging-bypass-query.yaml" } }, { "description": "Don't deploy after this date (UTC).", "example": "{{deploy-not-after}}", "in": "query", "name": "deploy-not-after", "schema": { "example": "2021-01-31", "type": "string" }, "x-akamai": { "file-path": "parameters/deploy-not-after-query.yaml" } }, { "description": "Don't deploy before this date (UTC).", "example": "{{deploy-not-before}}", "in": "query", "name": "deploy-not-before", "schema": { "example": "2021-01-31", "type": "string" }, "x-akamai": { "file-path": "parameters/deploy-not-before-query.yaml" } }, { "description": "Force certificate renewal for Enrollment.", "example": "{{force-renewal}}", "in": "query", "name": "force-renewal", "schema": { "example": true, "type": "boolean" }, "x-akamai": { "file-path": "parameters/force-renewal-query.yaml" } }, { "description": "CPS will automatically start a Change to renew certificates in time before they expire. This automatic Change is started when Certificate's expiration is within a renewal window, and system will protect against other changes started during this renewal window. Setting `renewal-date-check-override=true` will allow creating a Change during the renewal window, potentially running the risk of ending up with an expired certificate on the network.", "example": "{{renewal-date-check-override}}", "in": "query", "name": "renewal-date-check-override", "schema": { "example": true, "type": "boolean" }, "x-akamai": { "file-path": "parameters/renewal-date-check-override-query.yaml" } }, { "description": "Applicable for Third Party Dual Stack Enrollments, allows to update missing certificate. Option supported from v10.", "example": "{{allow-missing-certificate-addition}}", "in": "query", "name": "allow-missing-certificate-addition", "schema": { "example": true, "type": "boolean" }, "x-akamai": { "file-path": "parameters/allow-missing-certificate-addition-query.yaml" } }, { "description": "For customers who manage more than one account, this [runs the operation from another account](https://techdocs.akamai.com/developer/docs/manage-many-accounts-with-one-api-client). The Identity and Access Management API provides a [list of available account switch keys](https://techdocs.akamai.com/iam-api/reference/get-client-account-switch-keys).", "example": "{{accountSwitchKey}}", "in": "query", "name": "accountSwitchKey", "required": false, "schema": { "example": "1-5C0YLB:1-8BYUX", "type": "string" } } ] }, "delete": { "description": "Removes an enrollment from CPS. Response type will vary depending on the state of the enrollment. Deleting an enrollment in the future or deleting when the enrollment has a certificate deployed to the network may return HTTP 202 Accepted. Deleting an enrollment which has not yet deployed certificate to the network will complete immediately and return HTTP 200 OK.", "operationId": "delete-enrollment", "summary": "Remove an enrollment", "tags": [ "Enrollments" ], "externalDocs": { "description": "See documentation for this operation in Akamai's Certificate Provisioning System API", "url": "https://techdocs.akamai.com/cps/reference/delete-enrollment" }, "responses": { "200": { "description": "Successful response.", "content": { "application/vnd.akamai.cps.enrollment-status.v1+json": { "example": { "enrollment": "/cps/v2/enrollments/10002", "changes": [ "/cps/v2/enrollments/10002/changes/10002" ] }, "schema": { "additionalProperties": false, "type": "object", "required": [ "changes", "enrollment" ], "properties": { "changes": { "type": "array", "items": { "type": "string" } }, "enrollment": { "type": "string" } }, "x-akamai": { "file-path": "schemas/enrollment-status.v1.yaml" } } } } }, "202": { "description": "Resource successfully accepted.", "content": { "application/vnd.akamai.cps.enrollment-status.v1+json": { "example": { "enrollment": "/cps/v2/enrollments/10002", "changes": [ "/cps/v2/enrollments/10002/changes/10002" ] }, "schema": { "additionalProperties": false, "type": "object", "required": [ "changes", "enrollment" ], "properties": { "changes": { "type": "array", "items": { "type": "string" } }, "enrollment": { "type": "string" } }, "x-akamai": { "file-path": "schemas/enrollment-status.v1.yaml" } } } } } }, "parameters": [ { "description": "All pending changes to be cancelled when updating an enrollment.", "example": "{{allow-cancel-pending-changes}}", "in": "query", "name": "allow-cancel-pending-changes", "schema": { "example": true, "type": "boolean" }, "x-akamai": { "file-path": "parameters/allow-cancel-pending-changes-query.yaml" } }, { "description": "Don't deploy after this date (UTC).", "example": "{{deploy-not-after}}", "in": "query", "name": "deploy-not-after", "schema": { "example": "2021-01-31", "type": "string" }, "x-akamai": { "file-path": "parameters/deploy-not-after-query.yaml" } }, { "description": "Don't deploy before this date (UTC).", "example": "{{deploy-not-before}}", "in": "query", "name": "deploy-not-before", "schema": { "example": "2021-01-31", "type": "string" }, "x-akamai": { "file-path": "parameters/deploy-not-before-query.yaml" } }, { "description": "For customers who manage more than one account, this [runs the operation from another account](https://techdocs.akamai.com/developer/docs/manage-many-accounts-with-one-api-client). The Identity and Access Management API provides a [list of available account switch keys](https://techdocs.akamai.com/iam-api/reference/get-client-account-switch-keys).", "example": "{{accountSwitchKey}}", "in": "query", "name": "accountSwitchKey", "required": false, "schema": { "example": "1-5C0YLB:1-8BYUX", "type": "string" } } ] }, "parameters": [ { "description": "Enrollment on which to perform the desired operation.", "example": "{{enrollmentId}}", "in": "path", "name": "enrollmentId", "required": true, "schema": { "example": 10000, "type": "integer" }, "x-akamai": { "file-path": "parameters/enrollmentId-path.yaml" } } ] }, "/enrollments/{enrollmentId}/changes/{changeId}": { "get": { "description": "Gets the status of a pending change.", "operationId": "get-enrollment-change", "summary": "Get change status", "tags": [ "Changes" ], "externalDocs": { "description": "See documentation for this operation in Akamai's Certificate Provisioning System API", "url": "https://techdocs.akamai.com/cps/reference/get-enrollment-change" }, "responses": { "200": { "description": "Successful response.", "content": { "application/vnd.akamai.cps.change.v2+json": { "example": { "statusInfo": { "description": "Waiting for you to upload and submit your third party certificate and trust chain.", "error": null, "state": "awaiting-input", "status": "wait-upload-third-party", "deploymentSchedule": { "notAfter": null, "notBefore": null } }, "allowedInput": [ { "info": "/cps/v2/enrollments/10002/changes/10002/input/info/third-party-csr", "requiredToProceed": true, "type": "third-party-certificate", "update": "/cps/v2/enrollments/10002/changes/10002/input/update/third-party-cert-and-trust-chain" } ] }, "schema": { "additionalProperties": false, "description": "Any change that you want to make to the network deployment of an enrollment.", "type": "object", "required": [ "allowedInput", "statusInfo" ], "properties": { "allowedInput": { "description": "The resource path locations of data inputs allowed by this change. These could be required or optional for this change to proceed.", "type": "array", "items": { "additionalProperties": false, "type": "object", "required": [ "info", "requiredToProceed", "type", "update" ], "properties": { "info": { "description": "The resource location for the allowed input's description.", "type": "string" }, "requiredToProceed": { "description": "If `true`, this input is required for the change to proceed.", "type": "boolean" }, "type": { "description": "The type input.", "type": "string" }, "update": { "description": "The resource path location that you can use to make a call for this input.", "type": "string" } } } }, "statusInfo": { "additionalProperties": false, "description": "The status for this change at this time.", "type": "object", "required": [ "deploymentSchedule", "description", "state", "status" ], "properties": { "deploymentSchedule": { "additionalProperties": false, "description": "The schedule for when you want this change to deploy.", "type": "object", "properties": { "notAfter": { "description": "Don't deploy the certificate after this date.", "nullable": true, "type": "string" }, "notBefore": { "description": "Don't deploy the certificate before this date.", "nullable": true, "type": "string" } } }, "description": { "description": "A description of the current status of the change.", "type": "string" }, "error": { "additionalProperties": false, "description": "Error information for this change.", "nullable": true, "type": "object", "required": [ "code", "description", "timestamp" ], "properties": { "code": { "description": "The unique identifier code for this error.", "type": "string" }, "description": { "description": "The detailed description for this error.", "type": "string" }, "timestamp": { "description": "Indicates when this error occurred.", "type": "string" } } }, "state": { "description": "The change request's state. A value of `new` means the certificate is processed but the renewal process is not started. `awaiting-input` means the process is waiting on a user input, for example the approval or denial of a change management item. `suspended` indicates the process didn't complete. A value of `cancelled` means the process has been cancelled permanently.", "type": "string", "enum": [ "new", "running", "awaiting-input", "suspended", "cancelled", "completed", "error" ] }, "status": { "description": "The general status of the change. This is a high level of description of the status for the change. See [Status values and descriptions](https://techdocs.akamai.com/cps/reference/status-values-and-descriptions) for the list of possible status values this operation may return.", "type": "string" } } } }, "x-akamai": { "file-path": "schemas/change.v2.yaml" } } } } } }, "parameters": [ { "description": "For customers who manage more than one account, this [runs the operation from another account](https://techdocs.akamai.com/developer/docs/manage-many-accounts-with-one-api-client). The Identity and Access Management API provides a [list of available account switch keys](https://techdocs.akamai.com/iam-api/reference/get-client-account-switch-keys).", "example": "{{accountSwitchKey}}", "in": "query", "name": "accountSwitchKey", "required": false, "schema": { "example": "1-5C0YLB:1-8BYUX", "type": "string" } } ] }, "delete": { "description": "Cancels a pending change.", "operationId": "delete-enrollment-change", "summary": "Cancel a change", "tags": [ "Changes" ], "externalDocs": { "description": "See documentation for this operation in Akamai's Certificate Provisioning System API", "url": "https://techdocs.akamai.com/cps/reference/delete-enrollment-change" }, "responses": { "200": { "description": "Successful response.", "content": { "application/vnd.akamai.cps.change-id.v1+json": { "example": { "change": "/cps/v2/enrollments/10002/changes/10002" }, "schema": { "additionalProperties": false, "type": "object", "required": [ "change" ], "properties": { "change": { "type": "string" } }, "x-akamai": { "file-path": "schemas/change-id.v1.yaml" } } } } } }, "parameters": [ { "description": "For customers who manage more than one account, this [runs the operation from another account](https://techdocs.akamai.com/developer/docs/manage-many-accounts-with-one-api-client). The Identity and Access Management API provides a [list of available account switch keys](https://techdocs.akamai.com/iam-api/reference/get-client-account-switch-keys).", "example": "{{accountSwitchKey}}", "in": "query", "name": "accountSwitchKey", "required": false, "schema": { "example": "1-5C0YLB:1-8BYUX", "type": "string" } } ] }, "parameters": [ { "description": "The change for this enrollment on which to perform the desired operation.", "example": "{{changeId}}", "in": "path", "name": "changeId", "required": true, "schema": { "example": 10000, "type": "integer" }, "x-akamai": { "file-path": "parameters/changeId-path.yaml" } }, { "description": "Enrollment on which to perform the desired operation.", "example": "{{enrollmentId}}", "in": "path", "name": "enrollmentId", "required": true, "schema": { "example": 10000, "type": "integer" }, "x-akamai": { "file-path": "parameters/enrollmentId-path.yaml" } } ] }, "/enrollments/{enrollmentId}/changes/{changeId}/deployment-schedule": { "get": { "description": "Gets the current deployment schedule settings describing when a change deploys to the network.", "operationId": "get-change-deployment-schedule", "summary": "Get a deployment schedule", "tags": [ "Changes" ], "externalDocs": { "description": "See documentation for this operation in Akamai's Certificate Provisioning System API", "url": "https://techdocs.akamai.com/cps/reference/get-change-deployment-schedule" }, "responses": { "200": { "description": "Successful response.", "content": { "application/vnd.akamai.cps.deployment-schedule.v1+json": { "example": { "notAfter": null, "notBefore": "2017-05-19T16:00:00Z" }, "schema": { "additionalProperties": false, "description": "If you want CPS to automatically deploy your certificate, but you do not want the deployment to occur before a certain date and time, you can set a deploy after date. You can only set a deploy after date and time for the renewal of a certificate or for a certificate that is active on the network. The certificate may not deploy the certificate at the exact time and date you specify, but it will not deploy it before that time and date.", "type": "object", "properties": { "notAfter": { "description": "The time after when the change will no longer be in effect. This value is an ISO-8601 timestamp.", "nullable": true, "type": "string" }, "notBefore": { "description": "The time that you want change to take effect. If you do not set this, the change occurs immediately, although most changes take some time to take effect even when they are immediately effective. This value is an ISO-8601 timestamp.", "nullable": true, "type": "string" } }, "x-akamai": { "file-path": "schemas/deployment-schedule.v1.yaml" } } } } } }, "parameters": [ { "description": "For customers who manage more than one account, this [runs the operation from another account](https://techdocs.akamai.com/developer/docs/manage-many-accounts-with-one-api-client). The Identity and Access Management API provides a [list of available account switch keys](https://techdocs.akamai.com/iam-api/reference/get-client-account-switch-keys).", "example": "{{accountSwitchKey}}", "in": "query", "name": "accountSwitchKey", "required": false, "schema": { "example": "1-5C0YLB:1-8BYUX", "type": "string" } } ] }, "put": { "description": "Updates the current deployment schedule.", "operationId": "put-change-deployment-schedule", "summary": "Update a deployment schedule", "tags": [ "Deployments" ], "externalDocs": { "description": "See documentation for this operation in Akamai's Certificate Provisioning System API", "url": "https://techdocs.akamai.com/cps/reference/put-change-deployment-schedule" }, "requestBody": { "required": true, "content": { "application/vnd.akamai.cps.deployment-schedule.v1+json": { "example": { "notAfter": null, "notBefore": "2017-05-19T16:00:00Z" }, "schema": { "additionalProperties": false, "description": "If you want CPS to automatically deploy your certificate, but you do not want the deployment to occur before a certain date and time, you can set a deploy after date. You can only set a deploy after date and time for the renewal of a certificate or for a certificate that is active on the network. The certificate may not deploy the certificate at the exact time and date you specify, but it will not deploy it before that time and date.", "type": "object", "properties": { "notAfter": { "description": "The time after when the change will no longer be in effect. This value is an ISO-8601 timestamp.", "nullable": true, "type": "string" }, "notBefore": { "description": "The time that you want change to take effect. If you do not set this, the change occurs immediately, although most changes take some time to take effect even when they are immediately effective. This value is an ISO-8601 timestamp.", "nullable": true, "type": "string" } }, "x-akamai": { "file-path": "schemas/deployment-schedule.v1.yaml" } } } } }, "responses": { "200": { "description": "Successful response.", "content": { "application/vnd.akamai.cps.change-id.v1+json": { "example": { "change": "/cps/v2/enrollments/10002/changes/10002" }, "schema": { "additionalProperties": false, "type": "object", "required": [ "change" ], "properties": { "change": { "type": "string" } }, "x-akamai": { "file-path": "schemas/change-id.v1.yaml" } } } } } }, "parameters": [ { "description": "For customers who manage more than one account, this [runs the operation from another account](https://techdocs.akamai.com/developer/docs/manage-many-accounts-with-one-api-client). The Identity and Access Management API provides a [list of available account switch keys](https://techdocs.akamai.com/iam-api/reference/get-client-account-switch-keys).", "example": "{{accountSwitchKey}}", "in": "query", "name": "accountSwitchKey", "required": false, "schema": { "example": "1-5C0YLB:1-8BYUX", "type": "string" } } ] }, "parameters": [ { "description": "The change for this enrollment on which to perform the desired operation.", "example": "{{changeId}}", "in": "path", "name": "changeId", "required": true, "schema": { "example": 10000, "type": "integer" }, "x-akamai": { "file-path": "parameters/changeId-path.yaml" } }, { "description": "Enrollment on which to perform the desired operation.", "example": "{{enrollmentId}}", "in": "path", "name": "enrollmentId", "required": true, "schema": { "example": 10000, "type": "integer" }, "x-akamai": { "file-path": "parameters/enrollmentId-path.yaml" } } ] }, "/enrollments/{enrollmentId}/changes/{changeId}/input/info/{allowedInputTypeParam}": { "get": { "description": "Get detailed information of a pending change. Below is a sample where `allowedInput[].type` has the value `third-party-csr`. The acceptable `Accept` header depends on the value of the `allowedInput.type` for the Change instance. See [Change Input Content Type Mapping](https://techdocs.akamai.com/cps/reference/change-input-content-type-mapping) for details.", "operationId": "get-change-allowed-input-param", "summary": "Get a change", "tags": [ "Changes" ], "externalDocs": { "description": "See documentation for this operation in Akamai's Certificate Provisioning System API", "url": "https://techdocs.akamai.com/cps/reference/get-change-allowed-input-param" }, "responses": { "200": { "description": "Successful response.", "content": { "application/vnd.akamai.cps.change-management-info.v1+json": { "example": { "acknowledgementDeadline": null, "validationResultHash": "da39a3ee5e6b4b0d3255bfef95601890afd80709", "pendingState": { "pendingCertificate": { "certificateType": "third-party", "fullCertificate": "-----BEGIN CERTIFICATE-----\nMIID2DCCAsCgAwIBAgIQ661To2+zTDiFLyyARAaFXTANBgkqhkiG9w0BAQsFADBn\nMSowKAYDVQQDDCFBS0FNQUkgVEVTVCBJTlRFUk1FRElBVEUgQ0VSVCBbMV0xDjAM\nBgNVBAsMBVdlYkV4MQ8wDQYDVQQKDAZBa2FtYWkxCzAJBgNVBAgMAk1BMQswCQYD\nVQQGEwJVUzAeFw0xNzA1MTgyMTEwMTFaFw0xODA1MTkyMTEwMTFaMG0xHDAaBgNV\nBAMME3d3dy5jcHMtZXhhbXBsZS5jb20xCzAJBgNVBAYTAlVTMQswCQYDVQQIDAJN\nQTESMBAGA1UEBwwJQ2FtYnJpZGdlMQ8wDQYDVQQKDAZBa2FtYWkxDjAMBgNVBAsM\nBVdlYkV4MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvQeIJ2yfOC8P\nYQp6NjiCYSCkuS0z9a61v+k+KTDYQKIa8jDkwP0OITzvTnjMHuUd8JbSz5jNb22Z\nWxH/1F2p71rlSdBReBkZGLMLcQZPt5ju7ea7ZPz+MOWrwuc6YUafRMQk3qMeo3Sz\nIZQbmLKXkZeYriqy9s9yHJSUnWX1jOa51w6YM/Xar/2pZp2pyguaCNVGp7AAo38R\nAepaGcFwyjJse6dc+7dHOvDnjQ+Cg2lO8DSc12sFLllOhdOULldZRWbtfTLs9uet\niR8ZVpHJ1TtzEz3X9RqBBCvnqykQvMmiQKOkfYEd6LN4Tk6/HJw2/MZhIgAEXtUU\ndQMnD6OMcwIDAQABo3oweDB2BgNVHREEbzBtghRzYW4xLmNwcy1leGFtcGxlLmNv\nbYIUc2FuMi5jcHMtZXhhbXBsZS5jb22CFHNhbjMuY3BzLWV4YW1wbGUuY29tghRz\nYW40LmNwcy1leGFtcGxlLmNvbYITd3d3LmNwcy1leGFtcGxlLmNvbTANBgkqhkiG\n9w0BAQsFAAOCAQEAm9krrTxqDwUaO8J7P7CcrHfwXeWiDG3d9uHqCvHRGrcs46pI\ny8umThgOEba0QHi6CwM6O0+chcHsn6qf+uVKg2u1SKlE6qMIJ1Ppc8MJky1xo0M5\ncrtRpSXjaoF9S2zZZK1lwOJoK93BtC/lNfRc682TxlQ58jtBI6qnmLXUhF8Yo67v\n0UfHiBIv1pZFPIdk90/48vjWM54haNxm/PhxNb6AdzawR4zImUhMKsISP7uOTURQ\nfFfeNgMvHyI8Id1VPLN+e2y4FtnTVdW2e+PTBvOJ1M+YoFU7M04/2SmKJHqnHljh\nVQBpto9JgDmt0yqsdFdLrZlpsIQwpLqdgKZlSw==\n-----END CERTIFICATE-----", "signatureAlgorithm": "SHA-256" }, "pendingNetworkConfiguration": { "mustHaveCiphers": "ak-akamai-2020q1", "networkType": null, "preferredCiphers": "ak-akamai-2020q1", "sni": null } }, "validationResult": { "errors": null, "warnings": [ { "message": "[SAN name [san9.example.com] removed from certificate is still live on the network., SAN name [san8.example.com] removed from certificate is still live on the network.]", "messageCode": "no-code" } ] } }, "schema": { "additionalProperties": false, "description": "After you create an enrollment, you can have CPS halt deployment when the certificate becomes available, so that you can test and view the certificate on a staging server prior to deployment in the production network. If you do not want CPS to automatically deploy the certificate to the production network after it receives the signed certificate from the CA, you can turn change management on for the enrollment. This stops CPS from deploying the certificate to the network until you acknowledge that you are ready to deploy the certificate. A version label indicates this member is introduced in that version. A pre-version label indicates this member is removed in that version. No version label indicates this member is present in all versions.", "type": "object", "required": [ "pendingState", "validationResultHash" ], "properties": { "acknowledgementDeadline": { "nullable": true, "type": "string" }, "pendingState": { "additionalProperties": false, "description": "The snapshot of the pending state for the enrollment when this change takes effect.", "type": "object", "required": [ "pendingNetworkConfiguration" ], "properties": { "pendingCertificate": { "additionalProperties": false, "description": "The snapshot of the pending certificate for the enrollment when this change takes effect.", "type": "object", "required": [ "certificateType", "fullCertificate", "signatureAlgorithm" ], "properties": { "certificateType": { "type": "string" }, "fullCertificate": { "type": "string" }, "signatureAlgorithm": { "nullable": true, "type": "string" } } }, "pendingNetworkConfiguration": { "additionalProperties": false, "description": "The snapshot of the pending network configuration for the enrollment when this change takes effect.", "type": "object", "required": [ "mustHaveCiphers", "preferredCiphers" ], "properties": { "mustHaveCiphers": { "type": "string" }, "networkType": { "nullable": true, "type": "string" }, "preferredCiphers": { "type": "string" }, "sni": { "additionalProperties": false, "description": "Server Name Indication (SNI) setting for this Enrollment.", "nullable": true, "type": "object", "required": [ "cloneDnsNames" ], "properties": { "cloneDnsNames": { "type": "boolean" }, "dnsNames": { "type": "array", "items": { "type": "string" } } } } } } } }, "validationResult": { "additionalProperties": false, "description": "The hash of `validationResult`. It always has a value, even when `validationResult` is `null`. The hash result of the validation result as of the time of the most recent validation check. It is used in the `change-management-ack` API call to further specify the state of the change that is being acknowledged. We recommend you use the `change-management-info` API call, review the `validationResult` with its hash, and then acknowledge change-management using the same hash retrieved when running the Change Management Acknowledgment operation.", "type": "object", "properties": { "errors": { "description": "Validation errors of the current job state. Errors prevent a change from proceeding until you resolve them. They are optional and only appear if there are any errors.", "nullable": true, "type": "array", "items": { "additionalProperties": false, "type": "object", "required": [ "message", "messageCode" ], "properties": { "message": { "type": "string" }, "messageCode": { "type": "string" } } } }, "warnings": { "description": "Validation warnings of the current job state. Warnings suspend the execution of a change. You can acknowledge or deny warnings. If you acknowledge them, the change proceeds with its operation. They are optional and only appear if there are any warnings.", "type": "array", "items": { "additionalProperties": false, "type": "object", "required": [ "message", "messageCode" ], "properties": { "message": { "type": "string" }, "messageCode": { "type": "string" } } } } } }, "validationResultHash": { "type": "string" } }, "x-akamai": { "file-path": "schemas/change-management-info.v1.yaml" } } }, "application/vnd.akamai.cps.change-management-info.v2+json": { "example": { "acknowledgementDeadline": null, "validationResultHash": "da39a3ee5e6b4b0d3255bfef95601890afd80709", "pendingState": { "pendingCertificate": { "certificateType": "third-party", "fullCertificate": "-----BEGIN CERTIFICATE-----\nMIID2DCCAsCgAwIBAgIQ661To2+zTDiFLyyARAaFXTANBgkqhkiG9w0BAQsFADBn\nMSowKAYDVQQDDCFBS0FNQUkgVEVTVCBJTlRFUk1FRElBVEUgQ0VSVCBbMV0xDjAM\nBgNVBAsMBVdlYkV4MQ8wDQYDVQQKDAZBa2FtYWkxCzAJBgNVBAgMAk1BMQswCQYD\nVQQGEwJVUzAeFw0xNzA1MTgyMTEwMTFaFw0xODA1MTkyMTEwMTFaMG0xHDAaBgNV\nBAMME3d3dy5jcHMtZXhhbXBsZS5jb20xCzAJBgNVBAYTAlVTMQswCQYDVQQIDAJN\nQTESMBAGA1UEBwwJQ2FtYnJpZGdlMQ8wDQYDVQQKDAZBa2FtYWkxDjAMBgNVBAsM\nBVdlYkV4MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvQeIJ2yfOC8P\nYQp6NjiCYSCkuS0z9a61v+k+KTDYQKIa8jDkwP0OITzvTnjMHuUd8JbSz5jNb22Z\nWxH/1F2p71rlSdBReBkZGLMLcQZPt5ju7ea7ZPz+MOWrwuc6YUafRMQk3qMeo3Sz\nIZQbmLKXkZeYriqy9s9yHJSUnWX1jOa51w6YM/Xar/2pZp2pyguaCNVGp7AAo38R\nAepaGcFwyjJse6dc+7dHOvDnjQ+Cg2lO8DSc12sFLllOhdOULldZRWbtfTLs9uet\niR8ZVpHJ1TtzEz3X9RqBBCvnqykQvMmiQKOkfYEd6LN4Tk6/HJw2/MZhIgAEXtUU\ndQMnD6OMcwIDAQABo3oweDB2BgNVHREEbzBtghRzYW4xLmNwcy1leGFtcGxlLmNv\nbYIUc2FuMi5jcHMtZXhhbXBsZS5jb22CFHNhbjMuY3BzLWV4YW1wbGUuY29tghRz\nYW40LmNwcy1leGFtcGxlLmNvbYITd3d3LmNwcy1leGFtcGxlLmNvbTANBgkqhkiG\n9w0BAQsFAAOCAQEAm9krrTxqDwUaO8J7P7CcrHfwXeWiDG3d9uHqCvHRGrcs46pI\ny8umThgOEba0QHi6CwM6O0+chcHsn6qf+uVKg2u1SKlE6qMIJ1Ppc8MJky1xo0M5\ncrtRpSXjaoF9S2zZZK1lwOJoK93BtC/lNfRc682TxlQ58jtBI6qnmLXUhF8Yo67v\n0UfHiBIv1pZFPIdk90/48vjWM54haNxm/PhxNb6AdzawR4zImUhMKsISP7uOTURQ\nfFfeNgMvHyI8Id1VPLN+e2y4FtnTVdW2e+PTBvOJ1M+YoFU7M04/2SmKJHqnHljh\nVQBpto9JgDmt0yqsdFdLrZlpsIQwpLqdgKZlSw==\n-----END CERTIFICATE-----", "signatureAlgorithm": "SHA-256" }, "pendingNetworkConfiguration": { "mustHaveCiphers": "ak-akamai-2020q1", "networkType": null, "preferredCiphers": "ak-akamai-2020q1", "sni": null, "disallowedTlsVersions": [ "TLSv1_2" ] } }, "validationResult": { "errors": null, "warnings": [ { "message": "[SAN name [san9.example.com] removed from certificate is still live on the network., SAN name [san8.example.com] removed from certificate is still live on the network.]", "messageCode": "no-code" } ] } }, "schema": { "additionalProperties": false, "description": "After you create an enrollment, you can have CPS halt deployment when the certificate becomes available, so that you can test and view the certificate on a staging server prior to deployment in the production network. If you do not want CPS to automatically deploy the certificate to the production network after it receives the signed certificate from the CA, you can turn change management on for the enrollment. This stops CPS from deploying the certificate to the network until you acknowledge that you are ready to deploy the certificate.", "type": "object", "required": [ "pendingState", "validationResultHash" ], "properties": { "acknowledgementDeadline": { "description": "The timestamp of the deadline for the user to acknowledge the change management validation result, before CPS automatically proceeds with attempting to deploy the pending state to the live network. The format of the timestamp is ISO-8601. This field is only populated when there's an existing certificate on network for the current enrollment, it's `null` otherwise.", "nullable": true, "type": "string" }, "pendingState": { "additionalProperties": false, "description": "The snapshot of the pending state for the enrollment when this change takes effect.", "type": "object", "required": [ "pendingNetworkConfiguration" ], "properties": { "pendingCertificate": { "additionalProperties": false, "description": "The snapshot of the pending certificate for the enrollment when this change takes effect.", "type": "object", "required": [ "certificateType", "fullCertificate", "signatureAlgorithm" ], "properties": { "certificateType": { "description": "Either `san`, `single`, `wildcard`, `wildcard-san`, or `third-party`.", "type": "string", "enum": [ "san", "single", "wildcard", "wildcard-san", "third-party" ] }, "fullCertificate": { "description": "Displays the contents of the certificate.", "type": "string" }, "signatureAlgorithm": { "description": "Displays the signature algorithm.", "nullable": true, "type": "string" } } }, "pendingNetworkConfiguration": { "additionalProperties": false, "description": "The snapshot of the pending network configuration for the enrollment when this change takes effect.", "type": "object", "required": [ "mustHaveCiphers", "preferredCiphers" ], "properties": { "disallowedTlsVersions": { "description": "Disallowed TLS protocols.", "type": "array", "items": { "type": "string" } }, "mustHaveCiphers": { "description": "Ciphers that you want to include for your enrollment while deploying it on the network. Defaults to `ak-akamai-default` when it is not set.", "type": "string" }, "networkType": { "description": "Enrollment network type.", "nullable": true, "type": "string" }, "preferredCiphers": { "description": "Ciphers that you preferably want to include for your enrollment while deploying it on the network. Defaults to `ak-akamai-default` when it is not set.", "type": "string" }, "sni": { "additionalProperties": false, "description": "Server Name Indication (SNI) setting for this Enrollment.", "nullable": true, "type": "object", "required": [ "cloneDnsNames" ], "properties": { "cloneDnsNames": { "description": "All certificate SANs are included in `dnsNames` when `cloneDnsNames` is true.", "type": "boolean" }, "dnsNames": { "description": "Names served by SNI-only enabled enrollments.", "type": "array", "items": { "type": "string" } } } } } } } }, "validationResult": { "additionalProperties": false, "description": "The hash of `validationResult`. It always has a value, even when `validationResult` is `null`. The hash result of the validation result as of the time of the most recent validation check. It is used in the `change-management-ack` API call to further specify the state of the change that is being acknowledged. We recommend you use the `change-management-info` API call, review the `validationResult` with its hash, and then acknowledge change-management using the same hash retrieved when running the Change Management Acknowledgment operation.", "type": "object", "properties": { "errors": { "description": "Validation errors of the current job state. Errors prevent a change from proceeding until you resolve them. They are optional and only appear if there are any errors.", "nullable": true, "type": "array", "items": { "additionalProperties": false, "type": "object", "required": [ "message", "messageCode" ], "properties": { "message": { "description": "The description of the message.", "type": "string" }, "messageCode": { "description": "The unique code of the message.", "type": "string" } } } }, "warnings": { "description": "Validation warnings of the current job state. Warnings suspend the execution of a change. You can acknowledge or deny warnings. If you acknowledge them, the change proceeds with its operation. They are optional and only appear if there are any warnings.", "type": "array", "items": { "additionalProperties": false, "type": "object", "required": [ "message", "messageCode" ], "properties": { "message": { "description": "The description of the message.", "type": "string" }, "messageCode": { "description": "The unique code of the message.", "type": "string" } } } } } }, "validationResultHash": { "description": "The hash of `validationResult`.", "type": "string" } }, "x-akamai": { "file-path": "schemas/change-management-info.v2.yaml" } } }, "application/vnd.akamai.cps.change-management-info.v4+json": { "example": { "acknowledgementDeadline": null, "validationResultHash": "da39a3ee5e6b4b0d3255bfef95601890afd80709", "pendingState": { "pendingCertificate": { "certificateType": "third-party", "fullCertificate": "-----BEGIN CERTIFICATE-----\nMIID2DCCAsCgAwIBAgIQ661To2+zTDiFLyyARAaFXTANBgkqhkiG9w0BAQsFADBn\nMSowKAYDVQQDDCFBS0FNQUkgVEVTVCBJTlRFUk1FRElBVEUgQ0VSVCBbMV0xDjAM\nBgNVBAsMBVdlYkV4MQ8wDQYDVQQKDAZBa2FtYWkxCzAJBgNVBAgMAk1BMQswCQYD\nVQQGEwJVUzAeFw0xNzA1MTgyMTEwMTFaFw0xODA1MTkyMTEwMTFaMG0xHDAaBgNV\nBAMME3d3dy5jcHMtZXhhbXBsZS5jb20xCzAJBgNVBAYTAlVTMQswCQYDVQQIDAJN\nQTESMBAGA1UEBwwJQ2FtYnJpZGdlMQ8wDQYDVQQKDAZBa2FtYWkxDjAMBgNVBAsM\nBVdlYkV4MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvQeIJ2yfOC8P\nYQp6NjiCYSCkuS0z9a61v+k+KTDYQKIa8jDkwP0OITzvTnjMHuUd8JbSz5jNb22Z\nWxH/1F2p71rlSdBReBkZGLMLcQZPt5ju7ea7ZPz+MOWrwuc6YUafRMQk3qMeo3Sz\nIZQbmLKXkZeYriqy9s9yHJSUnWX1jOa51w6YM/Xar/2pZp2pyguaCNVGp7AAo38R\nAepaGcFwyjJse6dc+7dHOvDnjQ+Cg2lO8DSc12sFLllOhdOULldZRWbtfTLs9uet\niR8ZVpHJ1TtzEz3X9RqBBCvnqykQvMmiQKOkfYEd6LN4Tk6/HJw2/MZhIgAEXtUU\ndQMnD6OMcwIDAQABo3oweDB2BgNVHREEbzBtghRzYW4xLmNwcy1leGFtcGxlLmNv\nbYIUc2FuMi5jcHMtZXhhbXBsZS5jb22CFHNhbjMuY3BzLWV4YW1wbGUuY29tghRz\nYW40LmNwcy1leGFtcGxlLmNvbYITd3d3LmNwcy1leGFtcGxlLmNvbTANBgkqhkiG\n9w0BAQsFAAOCAQEAm9krrTxqDwUaO8J7P7CcrHfwXeWiDG3d9uHqCvHRGrcs46pI\ny8umThgOEba0QHi6CwM6O0+chcHsn6qf+uVKg2u1SKlE6qMIJ1Ppc8MJky1xo0M5\ncrtRpSXjaoF9S2zZZK1lwOJoK93BtC/lNfRc682TxlQ58jtBI6qnmLXUhF8Yo67v\n0UfHiBIv1pZFPIdk90/48vjWM54haNxm/PhxNb6AdzawR4zImUhMKsISP7uOTURQ\nfFfeNgMvHyI8Id1VPLN+e2y4FtnTVdW2e+PTBvOJ1M+YoFU7M04/2SmKJHqnHljh\nVQBpto9JgDmt0yqsdFdLrZlpsIQwpLqdgKZlSw==\n-----END CERTIFICATE-----", "ocspStapled": "false", "ocspUris": null, "signatureAlgorithm": "SHA-256" }, "pendingNetworkConfiguration": { "dnsNameSettings": null, "mustHaveCiphers": "ak-akamai-2020q1", "networkType": null, "ocspStapling": "not-set", "preferredCiphers": "ak-akamai-2020q1", "quicEnabled": "false", "sniOnly": "false", "disallowedTlsVersions": [ "TLSv1_2" ] } }, "validationResult": { "errors": null, "warnings": [ { "message": "[SAN name [san9.example.com] removed from certificate is still live on the network., SAN name [san8.example.com] removed from certificate is still live on the network.]", "messageCode": "no-code" } ] } }, "schema": { "additionalProperties": false, "description": "After you create an enrollment, you can have CPS halt deployment when the certificate becomes available, so that you can test and view the certificate on a staging server prior to deployment in the production network. If you do not want CPS to automatically deploy the certificate to the production network after it receives the signed certificate from the CA, you can turn change management on for the enrollment. This stops CPS from deploying the certificate to the network until you acknowledge that you are ready to deploy the certificate.", "type": "object", "required": [ "pendingState", "validationResultHash" ], "properties": { "acknowledgementDeadline": { "description": "The timestamp of the deadline for the user to acknowledge the change management validation result, before CPS automatically proceeds with attempting to deploy the pending state to the live network. The format of the timestamp is ISO-8601. This field is only populated when there's an existing certificate on network for the current enrollment, it's `null` otherwise.", "nullable": true, "type": "string" }, "pendingState": { "additionalProperties": false, "description": "The snapshot of the pending state for the enrollment when this change takes effect.", "type": "object", "required": [ "pendingNetworkConfiguration" ], "properties": { "pendingCertificate": { "additionalProperties": false, "description": "The snapshot of the pending certificate for the enrollment when this change takes effect.", "type": "object", "required": [ "certificateType", "fullCertificate", "signatureAlgorithm" ], "properties": { "certificateType": { "description": "Either `san`, `single`, `wildcard`, `wildcard-san`, or `third-party`.", "type": "string", "enum": [ "san", "single", "wildcard", "wildcard-san", "third-party" ] }, "fullCertificate": { "description": "Displays the contents of the certificate.", "type": "string" }, "ocspStapled": { "description": "OCSP Stapling improves performance by including a valid OCSP response in every TLS handshake. We recommend all customers enable this feature.", "type": "boolean" }, "ocspUris": { "description": "URI used for OCSP stapling validation.", "nullable": true, "type": "array", "items": { "type": "string" } }, "signatureAlgorithm": { "description": "Displays the signature algorithm.", "nullable": true, "type": "string" } } }, "pendingNetworkConfiguration": { "additionalProperties": false, "description": "The snapshot of the pending network configuration for the enrollment when this change takes effect.", "type": "object", "required": [ "mustHaveCiphers", "preferredCiphers", "quicEnabled", "sniOnly" ], "properties": { "disallowedTlsVersions": { "description": "Disallowed TLS protocols.", "type": "array", "items": { "type": "string" } }, "dnsNameSettings": { "additionalProperties": false, "description": "DNS name settings.", "nullable": true, "type": "object", "required": [ "cloneDnsNames" ], "properties": { "cloneDnsNames": { "description": "All certificate SANs are included in `dnsNames` when `cloneDnsNames` is true.", "type": "boolean" }, "dnsNames": { "description": "Names served by SNI-only enabled enrollments.", "type": "array", "items": { "type": "string" } } } }, "mustHaveCiphers": { "description": "Ciphers included for your enrollment while deploying it on the network.", "type": "string" }, "networkType": { "description": "Enrollment network type.", "nullable": true, "type": "string" }, "ocspStapling": { "description": "OCSP stapling setting for the deployment.", "type": "string" }, "preferredCiphers": { "description": "Ciphers included for your enrollment while deploying it on the network.", "type": "string" }, "quicEnabled": { "description": "QUIC transport layer network protocol.", "type": "boolean" }, "sniOnly": { "description": "Server Name Indication (SNI) setting for this Enrollment.", "type": "boolean" } } } } }, "validationResult": { "additionalProperties": false, "description": "The hash of `validationResult`. It always has a value, even when `validationResult` is `null`. The hash result of the validation result as of the time of the most recent validation check. It is used in the `change-management-ack` API call to further specify the state of the change that is being acknowledged. We recommend you use the `change-management-info` API call, review the `validationResult` with its hash, and then acknowledge change-management using the same hash retrieved when running the Change Management Acknowledgment operation.", "type": "object", "properties": { "errors": { "description": "Validation errors of the current job state. Errors prevent a change from proceeding until you resolve them. They are optional and only appear if there are any errors.", "nullable": true, "type": "array", "items": { "additionalProperties": false, "type": "object", "required": [ "message", "messageCode" ], "properties": { "message": { "description": "The description of the message.", "type": "string" }, "messageCode": { "description": "The unique code of the message.", "type": "string" } } } }, "warnings": { "description": "Validation warnings of the current job state. Warnings suspend the execution of a change. You can acknowledge or deny warnings. If you acknowledge them, the change proceeds with its operation. They are optional and only appear if there are any warnings.", "type": "array", "items": { "additionalProperties": false, "type": "object", "required": [ "message", "messageCode" ], "properties": { "message": { "description": "The description of the message.", "type": "string" }, "messageCode": { "description": "The unique code of the message.", "type": "string" } } } } } }, "validationResultHash": { "description": "The hash of `validationResult`.", "type": "string" } }, "x-akamai": { "file-path": "schemas/change-management-info.v4.yaml" } } }, "application/vnd.akamai.cps.change-management-info.v5+json": { "example": { "acknowledgementDeadline": null, "validationResultHash": "da39a3ee5e6b4b0d3255bfef95601890afd80709", "pendingState": { "pendingNetworkConfiguration": { "dnsNameSettings": null, "mustHaveCiphers": "ak-akamai-2020q1", "networkType": null, "ocspStapling": "not-set", "preferredCiphers": "ak-akamai-2020q1", "quicEnabled": "false", "sniOnly": "false", "disallowedTlsVersions": [ "TLSv1_2" ] }, "pendingCertificates": [ { "certificateType": "third-party", "fullCertificate": "-----BEGIN CERTIFICATE-----\nMIID2 ... .... KZlSw==\n-----END CERTIFICATE-----", "keyAlgorithm": "RSA", "ocspStapled": "false", "ocspUris": null, "signatureAlgorithm": "SHA-256" } ] }, "validationResult": { "errors": null, "warnings": [ { "message": "[SAN name [san9.example.com] removed from certificate is still live on the network., SAN name [san8.example.com] removed from certificate is still live on the network.]", "messageCode": "no-code" } ] } }, "schema": { "additionalProperties": false, "description": "After you create an enrollment, you can have CPS halt deployment when the certificate becomes available, so that you can test and view the certificate on a staging server prior to deployment in the production network. If you do not want CPS to automatically deploy the certificate to the production network after it receives the signed certificate from the CA, you can turn change management on for the enrollment. This stops CPS from deploying the certificate to the network until you acknowledge that you are ready to deploy the certificate.", "type": "object", "required": [ "pendingState", "validationResultHash" ], "properties": { "acknowledgementDeadline": { "description": "The timestamp of the deadline for the user to acknowledge the change management validation result, before CPS automatically proceeds with attempting to deploy the pending state to the live network. The format of the timestamp is ISO-8601. This field is only populated when there's an existing certificate on network for the current enrollment, it's `null` otherwise.", "nullable": true, "type": "string" }, "pendingState": { "additionalProperties": false, "description": "The snapshot of the pending state for the enrollment when this change takes effect.", "type": "object", "required": [ "pendingCertificates", "pendingNetworkConfiguration" ], "properties": { "pendingCertificates": { "description": "The snapshot of the pending certificate for the enrollment when this change takes effect.", "type": "array", "items": { "additionalProperties": false, "type": "object", "required": [ "certificateType", "fullCertificate", "signatureAlgorithm" ], "properties": { "certificateType": { "description": "Either `san`, `single`, `wildcard`, `wildcard-san`, or `third-party`.", "type": "string", "enum": [ "san", "single", "wildcard", "wildcard-san", "third-party" ] }, "fullCertificate": { "description": "Displays the contents of the certificate.", "type": "string" }, "keyAlgorithm": { "description": "Displays the key algorithm of the certificate.", "type": "string", "enum": [ "ECDSA", "RSA" ] }, "ocspStapled": { "description": "OCSP Stapling improves performance by including a valid OCSP response in every TLS handshake. We recommend all customers enable this feature.", "type": "boolean" }, "ocspUris": { "description": "URI used for OCSP stapling validation.", "nullable": true, "type": "array", "items": { "type": "string" } }, "signatureAlgorithm": { "description": "Displays the signature algorithm.", "nullable": true, "type": "string" } } } }, "pendingNetworkConfiguration": { "additionalProperties": false, "description": "The snapshot of the pending network configuration for the enrollment when this change takes effect.", "type": "object", "required": [ "mustHaveCiphers", "preferredCiphers", "quicEnabled", "sniOnly" ], "properties": { "disallowedTlsVersions": { "description": "Disallowed TLS protocols.", "type": "array", "items": { "type": "string" } }, "dnsNameSettings": { "additionalProperties": false, "description": "DNS name settings.", "nullable": true, "type": "object", "required": [ "cloneDnsNames" ], "properties": { "cloneDnsNames": { "description": "All certificate SANs are included in `dnsNames` when `cloneDnsNames` is true.", "type": "boolean" }, "dnsNames": { "description": "Names served by SNI-only enabled enrollments.", "type": "array", "items": { "type": "string" } } } }, "mustHaveCiphers": { "description": "Ciphers included for your enrollment while deploying it on the network.", "type": "string" }, "networkType": { "description": "Enrollment network type.", "nullable": true, "type": "string" }, "ocspStapling": { "description": "OCSP stapling setting for the deployment.", "type": "string", "enum": [ "on", "off", "not-set" ] }, "preferredCiphers": { "description": "Ciphers included for your enrollment while deploying it on the network.", "type": "string" }, "quicEnabled": { "description": "QUIC transport layer network protocol.", "type": "boolean" }, "sniOnly": { "description": "Server Name Indication (SNI) setting for this Enrollment.", "type": "boolean" } } } } }, "validationResult": { "additionalProperties": false, "description": "The hash of `validationResult`. It always has a value, even when `validationResult` is `null`. The hash result of the validation result as of the time of the most recent validation check. It is used in the `change-management-ack` API call to further specify the state of the change that is being acknowledged. We recommend you use the `change-management-info` API call, review the `validationResult` with its hash, and then acknowledge change-management using the same hash retrieved when running the Change Management Acknowledgment operation.", "type": "object", "properties": { "errors": { "description": "Validation errors of the current job state. Errors prevent a change from proceeding until you resolve them. They are optional and only appear if there are any errors.", "nullable": true, "type": "array", "items": { "additionalProperties": false, "type": "object", "required": [ "message", "messageCode" ], "properties": { "message": { "description": "The description of the message.", "type": "string" }, "messageCode": { "description": "The unique code of the message.", "type": "string" } } } }, "warnings": { "description": "Validation warnings of the current job state. Warnings suspend the execution of a change. You can acknowledge or deny warnings. If you acknowledge them, the change proceeds with its operation. They are optional and only appear if there are any warnings.", "type": "array", "items": { "additionalProperties": false, "type": "object", "required": [ "message", "messageCode" ], "properties": { "message": { "description": "The description of the message.", "type": "string" }, "messageCode": { "description": "The unique code of the message.", "type": "string" } } } } } }, "validationResultHash": { "description": "The hash of `validationResult`.", "type": "string" } }, "x-akamai": { "file-path": "schemas/change-management-info.v5.yaml" } } }, "application/vnd.akamai.cps.csr.v1+json": { "example": { "csr": "-----BEGIN CERTIFICATE REQUEST-----\nMIIDPT ... .... hA9jc=\n-----END CERTIFICATE REQUEST-----" }, "schema": { "additionalProperties": false, "description": "Certificate Signing Request (CSR).", "type": "object", "properties": { "csr": { "description": "String with PEM formatted CSR.", "nullable": true, "type": "string" } }, "x-akamai": { "file-path": "schemas/csr.v1.yaml" } } }, "application/vnd.akamai.cps.csr.v2+json": { "example": { "csrs": [ { "csr": "-----BEGIN CERTIFICATE REQUEST-----\nMIIDPT ... .... hA9jc=\n-----END CERTIFICATE REQUEST-----", "keyAlgorithm": "RSA" } ] }, "schema": { "additionalProperties": false, "description": "Certificate Signing Request (CSR).", "type": "object", "required": [ "csrs" ], "properties": { "csrs": { "description": "Certificate Signing Request (CSR) objects.", "type": "array", "items": { "additionalProperties": false, "type": "object", "required": [ "csr" ], "properties": { "csr": { "description": "String with PEM formatted CSR.", "type": "string" }, "keyAlgorithm": { "description": "Key algorithm of the certificate, either `ECDSA` or `RSA`.", "type": "string", "enum": [ "ECDSA", "RSA" ] } } } } }, "x-akamai": { "file-path": "schemas/csr.v2.yaml" } } }, "application/vnd.akamai.cps.deployment.v3+json": { "example": { "certificate": "-----BEGIN CERTIFICATE-----\nMIID2 ... .... ZlSw==\n-----END CERTIFICATE-----", "signatureAlgorithm": "SHA-256", "trustChain": "-----BEGIN CERTIFICATE-----\nMIIDT ... .... JuAIQ=\n-----END CERTIFICATE-----", "networkConfiguration": { "geography": "standard-worldwide", "mustHaveCiphers": "ak-akamai-2020q1", "preferredCiphers": "ak-akamai-2020q1", "secureNetwork": "enhanced-tls", "disallowedTlsVersions": [], "sni": { "cloneDnsNames": true, "dnsNames": [ "san2.example.com", "san1.example.com" ] } } }, "schema": { "additionalProperties": false, "description": "Deploys your certificate to a network.", "type": "object", "required": [ "certificate", "networkConfiguration", "trustChain" ], "properties": { "certificate": { "description": "The certificate text.", "nullable": true, "type": "string" }, "networkConfiguration": { "additionalProperties": false, "description": "Information about how you want to deploy your certificate.", "type": "object", "properties": { "disallowedTlsVersions": { "description": "Disallowed TLS versions.", "type": "array", "items": { "type": "string" } }, "geography": { "description": "Type of the network that you want to deploy your certificate. `core` is worldwide (includes China and Russia). `china+core` is worldwide and China. `russia+core` is worldwide and Russia.", "type": "string", "enum": [ "core", "china+core", "russia+core" ] }, "mustHaveCiphers": { "description": "Ciphers that you definitely want to include for your enrollment while deploying it on the network. Defaults to `ak-akamai-default` when it is not set.", "type": "string" }, "preferredCiphers": { "description": "Ciphers that you preferably want to include for your enrollment while deploying it on the network. Defaults to `ak-akamai-default` when it is not set.", "type": "string" }, "secureNetwork": { "description": "The type of deployment network you want to use. Specify Standard TLS as the enum `standard-tls` to deploy your certificate to Akamai's standard secure network. It is not PCI compliant. Specify Enhanced TLS as the enum `enhanced-tls` to deploy your certificate to Akamai's more secure network with PCI compliance capability.", "type": "string" }, "sni": { "additionalProperties": false, "description": "SNI settings for your enrollment. When set to `null`, the enrollment becomes non-SNI. When it is non-null, enrollment is SNI-only. This setting cannot be changed once an enrollment is created.", "nullable": true, "type": "object", "required": [ "cloneDnsNames" ], "properties": { "cloneDnsNames": { "description": "Enable if you want CPS to direct traffic using all the SANs listed in the SANs parameter when you created your enrollment.", "type": "boolean" }, "dnsNames": { "description": "Names served by SNI-only enabled enrollments.", "type": "array", "items": { "type": "string" } } } } } }, "signatureAlgorithm": { "description": "The SHA (Secure Hash Algorithm) function. Current values include `SHA-1` & `SHA-256`.", "nullable": true, "type": "string", "enum": [ "SHA-1", "SHA-256" ] }, "trustChain": { "description": "The trust chain text. You may have any number of trust chains.", "nullable": true, "type": "string" } }, "x-akamai": { "file-path": "schemas/deployment.v3.yaml" } } }, "application/vnd.akamai.cps.deployment.v6+json": { "example": { "ocspStapled": true, "ocspUris": [ "http://ocsp.example.com" ], "networkConfiguration": { "geography": "core", "mustHaveCiphers": "ak-akamai-2020q1", "ocspStapling": "not-set", "preferredCiphers": "ak-akamai-2020q1", "quicEnabled": false, "secureNetwork": "standard-tls", "sniOnly": true, "disallowedTlsVersions": [], "dnsNames": [ "san2.example.com", "san1.example.com" ] }, "primaryCertificate": { "certificate": "-----BEGIN CERTIFICATE-----\nMIID2 ... .... ZlSw==\n-----END CERTIFICATE-----", "expiry": "2021-06-10T12:00:00Z", "signatureAlgorithm": "SHA-256", "trustChain": "-----BEGIN CERTIFICATE-----\nMIIDT ... .... JuAIQ=\n-----END CERTIFICATE-----" }, "multiStackedCertificates": [ { "certificate": "-----BEGIN CERTIFICATE-----\nMIID2 ... .... ZlSw==\n-----END CERTIFICATE-----", "expiry": "2021-06-10T12:00:00Z", "signatureAlgorithm": "SHA-256", "trustChain": "-----BEGIN CERTIFICATE-----\nMIIDT ... .... JuAIQ=\n-----END CERTIFICATE-----" } ] }, "schema": { "additionalProperties": false, "description": "Deploys your certificate to a network.", "type": "object", "required": [ "multiStackedCertificates", "networkConfiguration", "primaryCertificate" ], "properties": { "multiStackedCertificates": { "description": "Dual-stacked certificates today include an ECDSA certificate in addition to an RSA certificate.", "type": "array", "items": { "additionalProperties": false, "description": "Deployment may include multiple dual-stacked certificates.", "type": "object", "required": [ "certificate", "trustChain" ], "properties": { "certificate": { "description": "The certificate text.", "nullable": true, "type": "string" }, "expiry": { "description": "The expiration date for the certificate.", "type": "string" }, "signatureAlgorithm": { "description": "The SHA (Secure Hash Algorithm) function. Current values include `SHA-1` & `SHA-256`.", "nullable": true, "type": "string", "enum": [ "SHA-1", "SHA-256" ] }, "trustChain": { "description": "The trust chain for the certificate.", "nullable": true, "type": "string" } } } }, "networkConfiguration": { "additionalProperties": false, "description": "Network configuration properties.", "type": "object", "required": [ "quicEnabled", "sniOnly" ], "properties": { "disallowedTlsVersions": { "description": "Disallowed TLS protocol.", "type": "array", "items": { "type": "string" } }, "dnsNames": { "description": "Names served by SNI-only enabled enrollments.", "type": "array", "items": { "type": "string" } }, "geography": { "description": "Type of the network that you want to deploy your certificate. `core` is worldwide (includes China and Russia). `china+core` is worldwide and China. `russia+core` is worldwide and Russia.", "type": "string", "enum": [ "core", "china+core", "russia+core" ] }, "mustHaveCiphers": { "description": "Ciphers that you definitely want to include for your enrollment while deploying it on the network. For more information on cipher profiles, see [Akamai community](https://community.akamai.com/customers/s/article/SSL-TLS-Cipher-Profiles-for-Akamai-Secure-CDNrxdxm).", "type": "string" }, "ocspStapling": { "description": "OCSP stapling setting for the deployment.", "type": "string" }, "preferredCiphers": { "description": "Ciphers that you preferably want to include for your enrollment while deploying it on the network. For more information on cipher profiles, see [Akamai community](https://community.akamai.com/customers/s/article/SSL-TLS-Cipher-Profiles-for-Akamai-Secure-CDNrxdxm).", "type": "string" }, "quicEnabled": { "description": "QUIC transport layer network protocol.", "type": "boolean" }, "secureNetwork": { "description": "The type of deployment network. `standard-tls` means Akamai's standard secure network, while `enhanced-tls` means Akamai's more secure network with PCI compliance capability.", "type": "string" }, "sniOnly": { "description": "Server Name Indication (SNI) is an extension of the Transport Layer Security (TLS) networking protocol. It allows a server to present multiple certificates on the same IP address. All modern web browsers support the SNI extension. If you have the same SAN on two or more certificates with the SNI-only option set, Akamai may serve traffic using any certificate which matches the requested SNI hostname. You should avoid multiple certificates with overlapping SAN names when using SNI-only.", "type": "boolean" } } }, "ocspStapled": { "description": "OCSP Stapling improves performance by including a valid OCSP response in every TLS handshake. We recommend all customers enable this feature.", "type": "boolean" }, "ocspUris": { "description": "URI used for OCSP stapling validation.", "nullable": true, "type": "array", "items": { "type": "string" } }, "primaryCertificate": { "additionalProperties": false, "description": "Primary certificate of the enrollment.", "nullable": true, "type": "object", "required": [ "certificate", "trustChain" ], "properties": { "certificate": { "description": "The certificate text.", "nullable": true, "type": "string" }, "expiry": { "description": "The expiration date for the certificate.", "type": "string" }, "signatureAlgorithm": { "description": "The SHA (Secure Hash Algorithm) function. Current values include `SHA-1` & `SHA-256`.", "nullable": true, "type": "string", "enum": [ "SHA-1", "SHA-256" ] }, "trustChain": { "description": "The trust chain for the certificate.", "nullable": true, "type": "string" } } } }, "x-akamai": { "file-path": "schemas/deployment.v6.yaml" } } }, "application/vnd.akamai.cps.deployment.v7+json": { "example": { "production": { "ocspStapled": true, "ocspUris": [ "http://ocsp.example.com" ], "networkConfiguration": { "geography": "core", "mustHaveCiphers": "ak-akamai-2020q1", "ocspStapling": "not-set", "preferredCiphers": "ak-akamai-2020q1", "quicEnabled": false, "secureNetwork": "standard-tls", "sniOnly": true, "disallowedTlsVersions": [], "dnsNames": [ "san2.example.com", "san1.example.com" ] }, "primaryCertificate": { "certificate": "-----BEGIN CERTIFICATE-----\nMIID2 ... .... ZlSw==\n-----END CERTIFICATE-----", "expiry": "2021-06-10T12:00:00Z", "keyAlgorithm": "RSA", "signatureAlgorithm": "SHA-256", "trustChain": "-----BEGIN CERTIFICATE-----\nMIIDT ... .... JuAIQ=\n-----END CERTIFICATE-----" }, "multiStackedCertificates": [ { "certificate": "-----BEGIN CERTIFICATE-----\nMIID2 ... .... ZlSw==\n-----END CERTIFICATE-----", "expiry": "2021-06-10T12:00:00Z", "keyAlgorithm": "ECDSA", "signatureAlgorithm": "SHA-256", "trustChain": "-----BEGIN CERTIFICATE-----\nMIIDT ... .... JuAIQ=\n-----END CERTIFICATE-----" } ] }, "staging": { "ocspStapled": true, "ocspUris": [ "http://ocsp.example.com" ], "networkConfiguration": { "geography": "core", "mustHaveCiphers": "ak-akamai-2020q1", "ocspStapling": "not-set", "preferredCiphers": "ak-akamai-2020q1", "quicEnabled": false, "secureNetwork": "standard-tls", "sniOnly": true, "disallowedTlsVersions": [], "dnsNames": [ "san2.example.com", "san1.example.com" ] }, "primaryCertificate": { "certificate": "-----BEGIN CERTIFICATE-----\nMIID2 ... .... ZlSw==\n-----END CERTIFICATE-----", "expiry": "2021-06-10T12:00:00Z", "keyAlgorithm": "RSA", "signatureAlgorithm": "SHA-256", "trustChain": "-----BEGIN CERTIFICATE-----\nMIIDT ... .... JuAIQ=\n-----END CERTIFICATE-----" }, "multiStackedCertificates": [ { "certificate": "-----BEGIN CERTIFICATE-----\nMIID2 ... .... ZlSw==\n-----END CERTIFICATE-----", "expiry": "2021-06-10T12:00:00Z", "keyAlgorithm": "ECDSA", "signatureAlgorithm": "SHA-256", "trustChain": "-----BEGIN CERTIFICATE-----\nMIIDT ... .... JuAIQ=\n-----END CERTIFICATE-----" } ] } }, "schema": { "additionalProperties": false, "description": "Deploys your certificate to a network.", "type": "object", "required": [ "multiStackedCertificates", "networkConfiguration", "primaryCertificate" ], "properties": { "multiStackedCertificates": { "description": "Dual-stacked certificates today include an ECDSA certificate in addition to an RSA certificate.", "type": "array", "items": { "additionalProperties": false, "description": "Deployment may include multiple dual-stacked certificates.", "type": "object", "required": [ "certificate", "trustChain" ], "properties": { "certificate": { "description": "The certificate text.", "nullable": true, "type": "string" }, "expiry": { "description": "The expiration date for the certificate.", "type": "string" }, "keyAlgorithm": { "description": "The key algorithm of the certificate.", "type": "string", "enum": [ "ECDSA", "RSA" ] }, "signatureAlgorithm": { "description": "The SHA (Secure Hash Algorithm) function. Current values include `SHA-1` & `SHA-256`.", "nullable": true, "type": "string", "enum": [ "SHA-1", "SHA-256" ] }, "trustChain": { "description": "The trust chain for the certificate.", "nullable": true, "type": "string" } } } }, "networkConfiguration": { "additionalProperties": false, "description": "Network configuration properties.", "type": "object", "required": [ "quicEnabled", "sniOnly" ], "properties": { "disallowedTlsVersions": { "description": "Disallowed TLS protocol.", "type": "array", "items": { "type": "string" } }, "dnsNames": { "description": "Names served by SNI-only enabled enrollments.", "type": "array", "items": { "type": "string" } }, "geography": { "description": "Type of the network that you want to deploy your certificate. `core` is worldwide (includes China and Russia). `china+core` is worldwide and China. `russia+core` is worldwide and Russia.", "type": "string", "enum": [ "core", "china+core", "russia+core" ] }, "mustHaveCiphers": { "description": "Ciphers that you definitely want to include for your enrollment while deploying it on the network. For more information on cipher profiles, see [Akamai community](https://community.akamai.com/customers/s/article/SSL-TLS-Cipher-Profiles-for-Akamai-Secure-CDNrxdxm).", "type": "string" }, "ocspStapling": { "description": "OCSP stapling setting for the deployment.", "type": "string", "enum": [ "on", "off", "not-set" ] }, "preferredCiphers": { "description": "Ciphers that you preferably want to include for your enrollment while deploying it on the network. For more information on cipher profiles, see [Akamai community](https://community.akamai.com/customers/s/article/SSL-TLS-Cipher-Profiles-for-Akamai-Secure-CDNrxdxm).", "type": "string" }, "quicEnabled": { "description": "QUIC transport layer network protocol.", "type": "boolean" }, "secureNetwork": { "description": "The type of deployment network. `standard-tls` means Akamai's standard secure network, while `enhanced-tls` means Akamai's more secure network with PCI compliance capability.", "type": "string", "enum": [ "enhanced-tls", "standard-tls" ] }, "sniOnly": { "description": "Server Name Indication (SNI) is an extension of the Transport Layer Security (TLS) networking protocol. It allows a server to present multiple certificates on the same IP address. All modern web browsers support the SNI extension. If you have the same SAN on two or more certificates with the SNI-only option set, Akamai may serve traffic using any certificate which matches the requested SNI hostname. You should avoid multiple certificates with overlapping SAN names when using SNI-only.", "type": "boolean" } } }, "ocspStapled": { "description": "OCSP Stapling improves performance by including a valid OCSP response in every TLS handshake. We recommend all customers enable this feature.", "type": "boolean" }, "ocspUris": { "description": "URI used for OCSP stapling validation.", "nullable": true, "type": "array", "items": { "type": "string" } }, "primaryCertificate": { "additionalProperties": false, "description": "Primary certificate of the enrollment.", "nullable": true, "type": "object", "required": [ "certificate", "trustChain" ], "properties": { "certificate": { "description": "The certificate text.", "nullable": true, "type": "string" }, "expiry": { "description": "The expiration date for the certificate.", "type": "string" }, "keyAlgorithm": { "description": "The key algorithm of the certificate.", "type": "string", "enum": [ "ECDSA", "RSA" ] }, "signatureAlgorithm": { "description": "The SHA (Secure Hash Algorithm) function. Current values include `SHA-1` & `SHA-256`.", "nullable": true, "type": "string", "enum": [ "SHA-1", "SHA-256" ] }, "trustChain": { "description": "The trust chain for the certificate.", "nullable": true, "type": "string" } } } }, "x-akamai": { "file-path": "schemas/deployment.v7.yaml" } } }, "application/vnd.akamai.cps.dv-challenges.v1+json": { "example": { "challenges": [ { "domain": "www.cps-example-dv.com", "error": "The domain is not ready for validation.", "expires": "2017-05-19T18:00:00Z", "fullPath": "http://www.cps-example-dv.com/.well-known/acme-challenge/abcdefghijklmno-KuzBi3q5Dr6TU8ViHSDSf-c9Iyg", "redirectFullPath": "http://dcv.akamai.com/.well-known/acme-challenge/abcdefghijklmno-KuzBi3q5Dr6TU8ViHSDSf-c9Iyg", "requestTimestamp": "2017-05-19T17:20:00Z", "responseBody": "12345-...-abcdef", "status": "Awaiting user", "token": "abcdefghijklmno-123453q5Dr6TU8ViHSDSf-c9Iyg", "validatedTimestamp": "2017-05-19T17:35:22Z" } ] }, "schema": { "additionalProperties": false, "description": "When using certificates with domain validation, you prove that you have control over each of the domains listed in the certificate. When you create a new DV enrollment that generates a certificate signing request (CSR). CPS automatically sends it to Let's Encrypt for signing. Let's Encrypt sends back a challenge for each domain listed on your certificate. You prove that you have control over the domains listed in the CSR by redirecting your traffic to Akamai. This allows Akamai to complete the challenge process for you by detecting the redirect and answering Let's Encrypt's challenge. You must configure your web server to redirect your traffic to Akamai. If you do not have the ability to redirect traffic on your web server, you must instruct the person who can redirect traffic to do so. Let's Encrypt automatically verifies the domain after it receives an answer to the challenge, and marks the domain as validated. A version label indicates this member is introduced in that version. A pre-version label indicates this member is removed in that version. No version label indicates this member is present in all versions.", "type": "object", "required": [ "challenges" ], "properties": { "challenges": { "description": "Domains that need to be validated for this Enrollment. V1 only supports and displays http-01 challenge.", "type": "array", "items": { "additionalProperties": false, "type": "object", "properties": { "domain": { "description": "Domain which is being validated.", "type": "string" }, "error": { "description": "Current validation status for domains not yet validated.", "nullable": true, "type": "string" }, "expires": { "description": "Timestamp when this token or validation will expire. Sample 2014-08-12T18:57:07z.", "type": "string" }, "fullPath": { "description": "URL where Let's Encrypt will request and expect to find 'token' as content.", "type": "string" }, "redirectFullPath": { "description": "The URL where Akamai publishes `responseBody` for Let's Encrypt to validate. The client can configure a redirect at `fullPath` to redirect requests to this `redirectFullPath` URL, keeping in mind that the token may change over time.", "type": "string" }, "requestTimestamp": { "description": "Timestamp Akamai received validation token from Let's Encrypt. Sample `2014-08-12T18:57:07z`.", "type": "string" }, "responseBody": { "description": "The data Let's Encrypt expects to find served at `fullPath` URL.", "type": "string" }, "status": { "description": "The domain validation status.", "type": "string" }, "token": { "description": "The validation token issued by Let's Encrypt.", "type": "string" }, "validatedTimestamp": { "description": "Timestamp when domain was successfully validated. Sample 2014-08-12T18:57:07z.", "type": "string" } } } } }, "x-akamai": { "file-path": "schemas/dv-challenges.v1.yaml" } } }, "application/vnd.akamai.cps.dv-challenges.v2+json": { "example": { "dv": [ { "domain": "www.cps-example-dv.com", "error": "The domain is not ready for validation.", "expires": "2021-09-06T17:55:17Z", "requestTimestamp": "2021-09-05T15:55:49Z", "status": "Awaiting user", "validatedTimestamp": "2021-09-05T17:53:22Z", "validationStatus": "RESPONSE_ERROR", "challenges": [ { "error": null, "fullPath": "http://www.cps-example-dv.com/.well-known/acme-challenge/abcdefghijklmno-123453q5Dr6TU8ViHSDSf-c9Iyg", "redirectFullPath": "http://dcv.akamai.com/.well-known/acme-challenge/abcdefghijklmno-123453q5Dr6TU8ViHSDSf-c9Iyg", "responseBody": "AAA-dvq11111CmSWBzwIFpc4G2OCh5YXoHK56VccGmU.-BBBBBD3eQiu1uf5vf4xp-ZJv71AiycGGMuLtf06BnA", "status": "pending", "token": "abcdefghijklmno-123453q5Dr6TU8ViHSDSf-c9Iyg", "type": "http-01", "validationRecords": [] }, { "error": null, "fullPath": "_acme-challenge.www.cps-example-dv.com.", "redirectFullPath": "", "responseBody": "0yVISDJjpXR7BXzR5QgfA51tt-I6aKremGnPwK_lvH4", "status": "pending", "token": "cGBnw-3YO7rUhq61EuuHqcGrYkaQWALAgi8szTqRoHA", "type": "dns-01", "validationRecords": [] } ] } ] }, "schema": { "additionalProperties": false, "description": "When using certificates with domain validation, you prove that you have control over each of the domains listed in the certificate. When you create a new DV enrollment that generates a certificate signing request (CSR). CPS automatically sends it to Let's Encrypt for signing. Let's Encrypt sends back a challenge for each domain listed on your certificate. You prove that you have control over the domains listed in the CSR by redirecting your traffic to Akamai, or placing a token in the domain's DNS zone. This allows Akamai to complete the challenge process for you by detecting the redirect or DNS token, and answering Let's Encrypt's challenge. You must complete one of the challenges for each domain to validate the certificate. To validate a domain, only one challenge for each domain must be complete. Let's Encrypt automatically verifies the domain after it receives an answer to the challenge, and marks the domain as validated.", "type": "object", "required": [ "dv" ], "properties": { "dv": { "description": "Array of Domain Validation entities.", "type": "array", "items": { "additionalProperties": false, "type": "object", "required": [ "challenges" ], "properties": { "challenges": { "description": "Domains that need to be validated for this Enrollment. V1 only supports and displays http-01 challenge. V2 allows HTTP and DNS challenge types. Each domain in the enrollment can have multiple challenges and can use a different challenge types. To validate a domain, only one challenge for each domain must be complete.", "type": "array", "items": { "additionalProperties": false, "type": "object", "required": [ "validationRecords" ], "properties": { "error": { "description": "Error message describing failure to validate domain control.", "nullable": true, "type": "string" }, "fullPath": { "description": "URL where Let's Encrypt will request and expect to find 'token' as content.", "type": "string" }, "redirectFullPath": { "description": "The URL where Akamai publishes `responseBody` for Let's Encrypt to validate. The client can configure a redirect at `fullPath` to redirect requests to this `redirectFullPath` URL, keeping in mind that the token may change over time.", "type": "string" }, "responseBody": { "description": "The data Let's Encrypt expects to find served at `fullPath` URL.", "type": "string" }, "status": { "description": "The domain validation status. Current values include `Preparing`, `Pending`, `Awaiting user`, `Valid`, `Invalid`, `Error` & `Ready for Validation`.", "type": "string", "enum": [ "Preparing", "Pending", "Awaiting user", "Valid", "Invalid", "Error", "Ready for Validation" ] }, "token": { "description": "The validation token issued by Let's Encrypt.", "type": "string" }, "type": { "description": "Validation type. Currently supported types include `dns-01` & `http-01`.", "type": "string", "enum": [ "dns-01", "http-01" ] }, "validationRecords": { "description": "Validation attempts and status.", "type": "array", "items": { "additionalProperties": false, "description": "Validation attempt.", "type": "object", "properties": { "authorities": { "description": "Validation authorities.", "type": "array", "items": { "type": "string" } }, "hostname": { "description": "Domain name being validated.", "type": "string" }, "port": { "description": "Port used for validation.", "type": "string" }, "resolvedIp": { "description": "IPs resolved for name being validated.", "type": "array", "items": { "type": "string" } }, "triedIp": { "description": "IP from `resolvedIp` tried for this validation.", "type": "string" }, "url": { "description": "URL attempted validated.", "type": "string" }, "usedIp": { "description": "IP from `resolvedIp` used for this validation.", "type": "string" } } } } } } }, "domain": { "description": "Domain which is being validated.", "type": "string" }, "error": { "description": "Current validation status for domains not yet validated.", "nullable": true, "type": "string" }, "expires": { "description": "Timestamp when this token or validation will expire. Sample 2017-12-05T18:57:07z.", "type": "string" }, "requestTimestamp": { "description": "Timestamp Akamai received validation token from Let's Encrypt. Sample `2017-12-12T18:57:07z`.", "type": "string" }, "status": { "description": "Let's Encrypt validation status. Required `Valid` for certificate generation.", "type": "string" }, "validatedTimestamp": { "description": "Timestamp when domain was successfully validated. Sample 2017-12-12T18:57:07z.", "type": "string" }, "validationStatus": { "description": "Status of the domain validation process.", "type": "string" } } } } }, "x-akamai": { "file-path": "schemas/dv-challenges.v2.yaml" } } }, "application/vnd.akamai.cps.warnings.v1+json": { "example": { "warnings": "Some of the domains being provisioned (%s) exist on another certificate. Akamai recommends against overlapping names on Enhanced TLS and Standard TLS certificates except during digital property migrations. Enhanced TLS traffic could be misdirected in the event of DNS misconfiguration and treated as Standard TLS until the overlap is eliminated." }, "schema": { "additionalProperties": false, "description": "Warnings generated by CPS.", "type": "object", "properties": { "warnings": { "description": "String with comma separated list of warnings.", "type": "string" } }, "x-akamai": { "file-path": "schemas/warnings.v1.yaml" } } } } } }, "parameters": [ { "description": "__Enum__ Specifies the response type.", "example": "{{Accept}}", "in": "header", "name": "Accept", "required": true, "schema": { "example": "application/vnd.akamai.cps.csr.v2+json", "type": "string", "enum": [ "application/vnd.akamai.cps.csr.v2+json", "application/vnd.akamai.cps.csr.v1+json", "application/vnd.akamai.cps.change-management-info.v5+json", "application/vnd.akamai.cps.change-management-info.v4+json", "application/vnd.akamai.cps.change-management-info.v2+json", "application/vnd.akamai.cps.change-management-info.v1+json", "application/vnd.akamai.cps.deployment.v7+json", "application/vnd.akamai.cps.deployment.v6+json", "application/vnd.akamai.cps.deployment.v3+json", "application/vnd.akamai.cps.dv-challenges.v2+json", "application/vnd.akamai.cps.dv-challenges.v1+json", "application/vnd.akamai.cps.warnings.v1+json" ] }, "x-akamai": { "file-path": "headers/Accept-header-change.yaml" } }, { "description": "For customers who manage more than one account, this [runs the operation from another account](https://techdocs.akamai.com/developer/docs/manage-many-accounts-with-one-api-client). The Identity and Access Management API provides a [list of available account switch keys](https://techdocs.akamai.com/iam-api/reference/get-client-account-switch-keys).", "example": "{{accountSwitchKey}}", "in": "query", "name": "accountSwitchKey", "required": false, "schema": { "example": "1-5C0YLB:1-8BYUX", "type": "string" } } ] }, "parameters": [ { "description": "__Enum__ Found as the last part of `Change.allowedInput[].update` hypermedia URL. See [Change Input Content Type Mapping](https://techdocs.akamai.com/cps/reference/change-input-content-type-mapping) for details. Currently supported values include `change-management-info`, `lets-encrypt-challenges`, `post-verification-warnings`, `pre-verification-warnings`, `third-party-csr`.", "example": "{{allowedInputTypeParam}}", "in": "path", "name": "allowedInputTypeParam", "required": true, "schema": { "example": "third-party-csr", "type": "string", "enum": [ "change-management-info", "lets-encrypt-challenges", "post-verification-warnings", "pre-verification-warnings", "third-party-csr" ] }, "x-akamai": { "file-path": "parameters/allowedInputTypeParam-path.yaml" } }, { "description": "The change for this enrollment on which to perform the desired operation.", "example": "{{changeId}}", "in": "path", "name": "changeId", "required": true, "schema": { "example": 10000, "type": "integer" }, "x-akamai": { "file-path": "parameters/changeId-path.yaml" } }, { "description": "Enrollment on which to perform the desired operation.", "example": "{{enrollmentId}}", "in": "path", "name": "enrollmentId", "required": true, "schema": { "example": 10000, "type": "integer" }, "x-akamai": { "file-path": "parameters/enrollmentId-path.yaml" } } ] }, "/enrollments/{enrollmentId}/changes/{changeId}/input/update/{allowedInputTypeParam}": { "post": { "description": "Updates a pending change. Below is a sample where `allowedInput[].type` has the value `third-party-cert-and-trust-chain`. The acceptable `Content-Type` and `Accept` headers depends on the value of the `allowedInput.type` for the Change instance. See [Change Input Content Type Mapping](https://techdocs.akamai.com/cps/reference/change-input-content-type-mapping) for details.", "operationId": "post-change-allowed-input-param", "summary": "Update a change", "tags": [ "Changes" ], "externalDocs": { "description": "See documentation for this operation in Akamai's Certificate Provisioning System API", "url": "https://techdocs.akamai.com/cps/reference/post-change-allowed-input-param" }, "requestBody": { "content": { "application/vnd.akamai.cps.acknowledgement-with-hash.v1+json": { "example": { "acknowledgement": "acknowledge", "hash": "24fb6fb91d290370c13a39e76afc1b26" }, "schema": { "additionalProperties": false, "description": "Encapsulates information needed to acknowledge an enrollment change.", "type": "object", "required": [ "acknowledgement", "hash" ], "properties": { "acknowledgement": { "description": "The state for which this Acknowledgment is submitted, either `acknowledge`, `deny`.", "type": "string", "enum": [ "acknowledge", "deny" ] }, "hash": { "description": "A hash is the state that this request acknowledges. You use this when you want to be explicit about what state you're acknowledging in order to prevent race conditions, such as when the state changes while the acknowledgment POST operation is in progress.", "type": "string" } }, "x-akamai": { "file-path": "schemas/acknowledgement-with-hash.v1.yaml" } } }, "application/vnd.akamai.cps.acknowledgement.v1+json": { "example": { "acknowledgement": "acknowledge" }, "schema": { "additionalProperties": false, "description": "Encapsulates information needed to acknowledge an enrollment change.", "type": "object", "required": [ "acknowledgement" ], "properties": { "acknowledgement": { "description": "The state for which this Acknowledgment is submitted, either `acknowledge`, `deny`.", "type": "string", "enum": [ "acknowledge", "deny" ] } }, "x-akamai": { "file-path": "schemas/acknowledgement.v1.yaml" } } }, "application/vnd.akamai.cps.certificate-and-trust-chain.v1+json": { "example": { "certificate": "-----BEGIN CERTIFICATE-----\nMIID2DCCAsCgAwIBAgIQ661To2+zTDiFLyyARAaFXTANBgkqhkiG9w0BAQsFADBn\nMSowKAYDVQQDDCFBS0FNQUkgVEVTVCBJTlRFUk1FRElBVEUgQ0VSVCBbMV0xDjAM\nBgNVBAsMBVdlYkV4MQ8wDQYDVQQKDAZBa2FtYWkxCzAJBgNVBAgMAk1BMQswCQYD\nVQQGEwJVUzAeFw0xNzA1MTgyMTEwMTFaFw0xODA1MTkyMTEwMTFaMG0xHDAaBgNV\nBAMME3d3dy5jcHMtZXhhbXBsZS5jb20xCzAJBgNVBAYTAlVTMQswCQYDVQQIDAJN\nQTESMBAGA1UEBwwJQ2FtYnJpZGdlMQ8wDQYDVQQKDAZBa2FtYWkxDjAMBgNVBAsM\nBVdlYkV4MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvQeIJ2yfOC8P\nYQp6NjiCYSCkuS0z9a61v+k+KTDYQKIa8jDkwP0OITzvTnjMHuUd8JbSz5jNb22Z\nWxH/1F2p71rlSdBReBkZGLMLcQZPt5ju7ea7ZPz+MOWrwuc6YUafRMQk3qMeo3Sz\nIZQbmLKXkZeYriqy9s9yHJSUnWX1jOa51w6YM/Xar/2pZp2pyguaCNVGp7AAo38R\nAepaGcFwyjJse6dc+7dHOvDnjQ+Cg2lO8DSc12sFLllOhdOULldZRWbtfTLs9uet\niR8ZVpHJ1TtzEz3X9RqBBCvnqykQvMmiQKOkfYEd6LN4Tk6/HJw2/MZhIgAEXtUU\ndQMnD6OMcwIDAQABo3oweDB2BgNVHREEbzBtghRzYW4xLmNwcy1leGFtcGxlLmNv\nbYIUc2FuMi5jcHMtZXhhbXBsZS5jb22CFHNhbjMuY3BzLWV4YW1wbGUuY29tghRz\nYW40LmNwcy1leGFtcGxlLmNvbYITd3d3LmNwcy1leGFtcGxlLmNvbTANBgkqhkiG\n9w0BAQsFAAOCAQEAm9krrTxqDwUaO8J7P7CcrHfwXeWiDG3d9uHqCvHRGrcs46pI\ny8umThgOEba0QHi6CwM6O0+chcHsn6qf+uVKg2u1SKlE6qMIJ1Ppc8MJky1xo0M5\ncrtRpSXjaoF9S2zZZK1lwOJoK93BtC/lNfRc682TxlQ58jtBI6qnmLXUhF8Yo67v\n0UfHiBIv1pZFPIdk90/48vjWM54haNxm/PhxNb6AdzawR4zImUhMKsISP7uOTURQ\nfFfeNgMvHyI8Id1VPLN+e2y4FtnTVdW2e+PTBvOJ1M+YoFU7M04/2SmKJHqnHljh\nVQBpto9JgDmt0yqsdFdLrZlpsIQwpLqdgKZlSw==\n-----END CERTIFICATE-----", "trustChain": "-----BEGIN CERTIFICATE-----\nMIIDTDCCAjQCEB1FmMGD0kjutSE218ho23wwDQYJKoZIhvcNAQELBQAwYjElMCMG\nA1UEAwwcd3d3LkNQUy1Ba2FtYWktVGVzdC1Sb290LmNvbTEOMAwGA1UECwwFV2Vi\nRXgxDzANBgNVBAoMBkFrYW1haTELMAkGA1UECAwCTUExCzAJBgNVBAYTAlVTMB4X\nDTE3MDUxODIxMTAxMVoXDTE4MDUxOTIxMTAxMVowZzELMAkGA1UEBhMCVVMxCzAJ\nBgNVBAgMAk1BMQ8wDQYDVQQKDAZBa2FtYWkxDjAMBgNVBAsMBVdlYkV4MSowKAYD\nVQQDDCFBS0FNQUkgVEVTVCBJTlRFUk1FRElBVEUgQ0VSVCBbMV0wggEiMA0GCSqG\nSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCyxuHi0zL03f+3ZTKLV1lMHvS2LkUwCKEd\nApJw/v+yPPBTuamvikHQ8L5QM1p7BevavdeBMUAoGGXXQkrRtotCkL4S6N9cgH47\n+cUeXCT0D2BaOkR15N7qDVtkYeAtC7eKUI7+j99iZXAFr8Nel9wqNn/9804HyF+F\nZ/YS5oPBuJVGcTQhd8bmUx5wBgr3n6EhqvOHEEAa5whb5PoP/hFi0xO0SFG/LA/+\nK2NMvaE/9Y9j48/ONAFavf80s/y55SudZyBsjowtnZLIeJ4bM6nCN5DMAljH5U3O\nPFjSFKlbPxQgIcP9wLbQTV6b47tNK8c9jPg+U4jK2xtncJ2ijxSXAgMBAAEwDQYJ\nKoZIhvcNAQELBQADggEBACVVWGcirfBhkDwIuNELh1rzKPmhxwhx9hAsYz2B2FDn\n7q82c85hXLfFSZ/9I3bzotVDh4YucCV+vxUXQcYt5tEDbg96uHNzRzXQUTdJSNIe\nbQ5Yn86ELLrzaXAD3+t6ztj8Z9dIVfG7LrAOg3UX5GjfEUrjNfZaiiUcBqLKibJ5\nOqOJcPlbjKZ1kOqrCqlOugcQrZPgpzHkwssUR7v0VtHBHWnzjDTGaMXmvy1LsULA\n3N35SDGFI/Zpw56R4z95UwpmDYg3IKwAGY8XL/oMqTORWyYDUpy1dpcAln5HcZK3\nthju6KdIwCwmthk1iIUAri6avIrh7Mg2SHFho/4p5mA=\n-----END CERTIFICATE-----\n-----BEGIN CERTIFICATE-----\nMIIDQzCCAi0CEO7lWBUwDEEclty6iX7gCMcwCwYJKoZIhvcNAQELMGIxCzAJBgNV\nBAYTAlVTMQswCQYDVQQIDAJNQTEPMA0GA1UECgwGQWthbWFpMQ4wDAYDVQQLDAVX\nZWJFeDElMCMGA1UEAwwcd3d3LkNQUy1Ba2FtYWktVGVzdC1Sb290LmNvbTAeFw0x\nNzA1MTgyMTEwMTFaFw0yMjA1MTgyMTEwMTFaMGIxCzAJBgNVBAYTAlVTMQswCQYD\nVQQIDAJNQTEPMA0GA1UECgwGQWthbWFpMQ4wDAYDVQQLDAVXZWJFeDElMCMGA1UE\nAwwcd3d3LkNQUy1Ba2FtYWktVGVzdC1Sb290LmNvbTCCASIwDQYJKoZIhvcNAQEB\nBQADggEPADCCAQoCggEBAJCbd5QpPJr0I48G4VE0JF5N719Wsspc8lEEgf2oM4BL\n6pAyxU6hm8YzSfCx/NBpU2MYMa96FDoYWUVfj4iilpV4IpLdsDtXjMJ2fnVXP4iI\n9n5EhF3oKGx2bAgBKpXIWXwPo3fqg/MGsdwIgrYyab3xJuwHP3V/2MSxzcHpxQrU\nE8jaemBXv6v0oTx50Ph0zJP+wYwvaDf+KVFzM3E42Ww9VLuP3lt5RAtasNctqlRr\nSlpH3RrZ0Gkpmz6xGr2LvLw12nkTylws/bafCSFAs7+x2ip6pP3yEaYxKdMpeOIE\nWaVU1RsJiWVYgq+b6gc9wrRpfZLyJYdAa50DuEv8jm0CAwEAATALBgkqhkiG9w0B\nAQsDggEBAFbv9+6pQBXDiFOxoYmu1/xiI1/mSGqooJtzNZjoni6HsruGxSqRbbKa\n3GdaPVInZwWY7p8T1RM8+YDTrRrjbfRuRPqdgUBv8iDbcldJNXsqD1CylxLi0lul\ndnHgQD9TmcrTs3ELeT277PE2f8AX3YjhYK8IIGBmDomc1KRTka3nZtexIwfiEQJr\nRzsFL+1vwPoSJFKb1NzeOGikkPNmipQvYKGY9A/q2XeqrEWKGHizPwvcIu7EC8wL\nRooQ3ztqAV3Wul5dI5+AEE8WQzUyzCq7BEgOgNaX403g8An5QueSjhogbYdRd3BM\n+OWJc8qePy3KgqY44s3kbrPR6sJuAIQ=\n-----END CERTIFICATE-----" }, "schema": { "additionalProperties": false, "description": "A digital certificate contains an electronic document that includes a company's identification information (such as the name of the company and address), a public key, and the digital signature of a certification authority (CA) based on that certification authority's private key. Digital certificates are verified using a chain of trust, which is a certificate hierarchy that allows individuals to verify the validity of a certificate's issuer. The latest BETA version allows for multiple certificates and trust chains submission (Dual-Stack enrollment).", "type": "object", "required": [ "certificate" ], "properties": { "certificate": { "description": "The certificate text.", "nullable": true, "type": "string" }, "trustChain": { "description": "The trust chain text. You may have no trust chains or multiple trust chains.", "nullable": true, "type": "string" } }, "x-akamai": { "file-path": "schemas/certificate-and-trust-chain.v1.yaml" } } }, "application/vnd.akamai.cps.certificate-and-trust-chain.v2+json": { "example": { "certificatesAndTrustChains": [ { "certificate": "-----BEGIN CERTIFICATE-----\nMIID ... .... KZlSw==\n-----END CERTIFICATE-----", "keyAlgorithm": "ECDSA", "trustChain": "-----BEGIN CERTIFICATE-----\nMIID ... .... 4p5mA=\n-----END CERTIFICATE-----\n-----BEGIN CERTIFICATE-----\nMIIDQ ... .... JuAIQ=\n-----END CERTIFICATE-----" }, { "certificate": "-----BEGIN CERTIFICATE-----\nMIID ... .... ZKwSl==\n-----END CERTIFICATE-----", "keyAlgorithm": "RSA", "trustChain": "-----BEGIN CERTIFICATE-----\nMIID ... .... mA45p=\n-----END CERTIFICATE-----\n-----BEGIN CERTIFICATE-----\nMIIDQ ... .... QuIAJ=\n-----END CERTIFICATE-----" } ] }, "schema": { "additionalProperties": false, "description": "A digital certificate contains an electronic document that includes a company's identification information (such as the name of the company and address), a public key, and the digital signature of a certification authority (CA) based on that certification authority's private key. Digital certificates are verified using a chain of trust, which is a certificate hierarchy that allows individuals to verify the validity of a certificate's issuer. The latest BETA version allows for multiple certificates and trust chains submission (Dual-Stack enrollment).", "type": "object", "required": [ "certificatesAndTrustChains" ], "properties": { "certificatesAndTrustChains": { "description": "Certificate and trust chains.", "type": "array", "items": { "additionalProperties": false, "type": "object", "required": [ "certificate", "keyAlgorithm" ], "properties": { "certificate": { "description": "The certificate text.", "nullable": true, "type": "string" }, "keyAlgorithm": { "description": "The key algorithm of the certificate , either `ECDSA` or `RSA`.", "type": "string", "enum": [ "ECDSA", "RSA" ] }, "trustChain": { "description": "The trust chain text. You may have no trust chains or multiple trust chains.", "nullable": true, "type": "string" } } } } }, "x-akamai": { "file-path": "schemas/certificate-and-trust-chain.v2.yaml" } } } } }, "responses": { "200": { "description": "Successful response.", "content": { "application/vnd.akamai.cps.change-id.v1+json": { "example": { "change": "/cps/v2/enrollments/10002/changes/10002" }, "schema": { "additionalProperties": false, "type": "object", "required": [ "change" ], "properties": { "change": { "type": "string" } }, "x-akamai": { "file-path": "schemas/change-id.v1.yaml" } } } } } }, "parameters": [ { "description": "__Enum__ Must be used to specify a request type.", "example": "{{Content-Type}}", "in": "header", "name": "Content-Type", "required": true, "schema": { "example": "application/vnd.akamai.cps.certificate-and-trust-chain.v2+json", "type": "string", "enum": [ "application/vnd.akamai.cps.certificate-and-trust-chain.v2+json", "application/vnd.akamai.cps.certificate-and-trust-chain.v1+json", "application/vnd.akamai.cps.acknowledgement-with-hash.v1+json", "application/vnd.akamai.cps.acknowledgement.v1+json" ] }, "x-akamai": { "file-path": "headers/content-type-header-change.yaml" } }, { "description": "__Enum__ Specifies the response type.", "example": "{{Accept}}", "in": "header", "name": "Accept", "required": true, "schema": { "example": "application/vnd.akamai.cps.change-id.v1+json", "type": "string", "enum": [ "application/vnd.akamai.cps.change-id.v1+json" ] }, "x-akamai": { "file-path": "headers/Accept-header-changeId.yaml" } }, { "description": "For customers who manage more than one account, this [runs the operation from another account](https://techdocs.akamai.com/developer/docs/manage-many-accounts-with-one-api-client). The Identity and Access Management API provides a [list of available account switch keys](https://techdocs.akamai.com/iam-api/reference/get-client-account-switch-keys).", "example": "{{accountSwitchKey}}", "in": "query", "name": "accountSwitchKey", "required": false, "schema": { "example": "1-5C0YLB:1-8BYUX", "type": "string" } } ] }, "parameters": [ { "description": "__Enum__ Found as the last part of `Change.allowedInput[].update` hypermedia URL. See [Change Input Content Type Mapping](https://techdocs.akamai.com/cps/reference/change-input-content-type-mapping) for details. Currently supported values include `change-management-ack`, `lets-encrypt-challenges-completed`, `post-verification-warnings-ack`, `pre-verification-warnings-ack`, `third-party-cert-and-trust-chain`.", "example": "{{allowedInputTypeParam}}", "in": "path", "name": "allowedInputTypeParam", "required": true, "schema": { "example": "third-party-cert-and-trust-chain", "type": "string", "enum": [ "change-management-ack", "lets-encrypt-challenges-completed", "post-verification-warnings-ack", "pre-verification-warnings-ack", "third-party-cert-and-trust-chain" ] }, "x-akamai": { "file-path": "parameters/allowedInputUpdateTypeParam-path.yaml" } }, { "description": "The change for this enrollment on which to perform the desired operation.", "example": "{{changeId}}", "in": "path", "name": "changeId", "required": true, "schema": { "example": 10000, "type": "integer" }, "x-akamai": { "file-path": "parameters/changeId-path.yaml" } }, { "description": "Enrollment on which to perform the desired operation.", "example": "{{enrollmentId}}", "in": "path", "name": "enrollmentId", "required": true, "schema": { "example": 10000, "type": "integer" }, "x-akamai": { "file-path": "parameters/enrollmentId-path.yaml" } } ] }, "/enrollments/{enrollmentId}/deployments": { "get": { "description": "Lists the deployments for an enrollment.", "operationId": "get-deployments", "summary": "List deployments", "tags": [ "Deployments" ], "externalDocs": { "description": "See documentation for this operation in Akamai's Certificate Provisioning System API", "url": "https://techdocs.akamai.com/cps/reference/get-deployments" }, "responses": { "200": { "description": "Successful response.", "content": { "application/vnd.akamai.cps.deployments.v7+json": { "example": { "production": { "ocspStapled": false, "ocspUris": [], "networkConfiguration": { "geography": "core", "mustHaveCiphers": "ak-akamai-2020q1", "ocspStapling": "on", "preferredCiphers": "ak-akamai-2020q1", "quicEnabled": false, "secureNetwork": "standard-tls", "sniOnly": true, "disallowedTlsVersions": [ "TLSv1", "TLSv1_1" ], "dnsNames": [ "san2.example.com", "san1.example.com" ] }, "primaryCertificate": { "certificate": "-----BEGIN CERTIFICATE-----\nMIID .... 93Nvw==\n-----END CERTIFICATE-----", "expiry": "2022-02-05T13:21:21Z", "keyAlgorithm": "ECDSA", "signatureAlgorithm": "SHA-256", "trustChain": "-----BEGIN CERTIFICATE-----\nMIID .... Qs/v0=\n-----END CERTIFICATE-----" }, "multiStackedCertificates": [ { "certificate": "-----BEGIN CERTIFICATE-----\nMIID .... nMweq/\n-----END CERTIFICATE-----", "expiry": "2022-02-05T13:21:20Z", "keyAlgorithm": "RSA", "signatureAlgorithm": "SHA-256", "trustChain": "-----BEGIN CERTIFICATE-----\nMIID .... KEUp0=\n-----END CERTIFICATE-----" } ] }, "staging": { "ocspStapled": false, "ocspUris": [], "networkConfiguration": { "geography": "core", "mustHaveCiphers": "ak-akamai-2020q1", "ocspStapling": "on", "preferredCiphers": "ak-akamai-2020q1", "quicEnabled": false, "secureNetwork": "standard-tls", "sniOnly": true, "disallowedTlsVersions": [ "TLSv1", "TLSv1_1" ], "dnsNames": [ "san2.example.com", "san1.example.com" ] }, "primaryCertificate": { "certificate": "-----BEGIN CERTIFICATE-----\nMIID .... 93Nvw==\n-----END CERTIFICATE-----", "expiry": "2022-02-05T13:21:21Z", "keyAlgorithm": "ECDSA", "signatureAlgorithm": "SHA-256", "trustChain": "-----BEGIN CERTIFICATE-----\nMIID .... 9JQs/v0=\n-----END CERTIFICATE-----" }, "multiStackedCertificates": [ { "certificate": "-----BEGIN CERTIFICATE-----\nMIID .... nMweq/\n-----END CERTIFICATE-----", "expiry": "2022-02-05T13:21:20Z", "keyAlgorithm": "RSA", "signatureAlgorithm": "SHA-256", "trustChain": "-----BEGIN CERTIFICATE-----\nMIID .... KEUp0=\n-----END CERTIFICATE-----" } ] } }, "schema": { "additionalProperties": false, "type": "object", "required": [ "production", "staging" ], "properties": { "production": { "additionalProperties": false, "type": "object", "required": [ "multiStackedCertificates", "networkConfiguration", "primaryCertificate" ], "properties": { "multiStackedCertificates": { "description": "Dual-stacked certificates include an ECDSA certificate in addition to an RSA certificate.", "type": "array", "items": { "additionalProperties": false, "description": "Deployment may include multiple dual-stacked certificates.", "type": "object", "required": [ "certificate", "trustChain" ], "properties": { "certificate": { "description": "The certificate text.", "nullable": true, "type": "string" }, "expiry": { "description": "The expiration date for the certificate.", "type": "string" }, "keyAlgorithm": { "description": "The key algorithm of the certificate.", "type": "string", "enum": [ "ECDSA", "RSA" ] }, "signatureAlgorithm": { "description": "The SHA (Secure Hash Algorithm) function.", "nullable": true, "type": "string", "enum": [ "SHA-1", "SHA-256" ] }, "trustChain": { "description": "The trust chain for the certificate.", "nullable": true, "type": "string" } } } }, "networkConfiguration": { "additionalProperties": false, "type": "object", "required": [ "quicEnabled", "sniOnly" ], "properties": { "disallowedTlsVersions": { "description": "Disallowed TLS protocols.", "type": "array", "items": { "type": "string" } }, "dnsNames": { "description": "Names served by SNI-only enabled enrollments.", "type": "array", "items": { "type": "string" } }, "geography": { "description": "The type of the network on which CPS deploys your certificate. `core` is worldwide (includes China and Russia). `china+core` is worldwide and China. `russia+core` is worldwide and Russia.", "type": "string", "enum": [ "core", "china+core", "russia+core" ] }, "mustHaveCiphers": { "description": "Ciphers that you definitely want to include for your enrollment while deploying it on the network.", "type": "string" }, "ocspStapling": { "description": "OCSP stapling setting for the deployment.", "type": "string", "enum": [ "on", "off", "not-set" ] }, "preferredCiphers": { "description": "Ciphers that you preferably want to include for your enrollment while deploying it on the network.", "type": "string" }, "quicEnabled": { "description": "QUIC transport layer network protocol.", "type": "boolean" }, "secureNetwork": { "description": "The type of deployment network. `standard-tls` means Akamai's standard secure network, while `enhanced-tls` means Akamai's more secure network with PCI compliance capability.", "type": "string", "enum": [ "enhanced-tls", "standard-tls" ] }, "sniOnly": { "description": "Server Name Indication (SNI) is an extension of the Transport Layer Security (TLS) networking protocol. It allows a server to present multiple certificates on the same IP address. All modern web browsers support the SNI extension. If you have the same SAN on two or more certificates with the SNI-only option set, Akamai may serve traffic using any certificate which matches the requested SNI hostname. You should avoid multiple certificates with overlapping SAN names when using SNI-only.", "type": "boolean" } } }, "ocspStapled": { "description": "OCSP Stapling improves performance by including a valid OCSP response in every TLS handshake. We recommend all customers enable this feature.", "type": "boolean" }, "ocspUris": { "description": "URI used for OCSP stapling validation.", "nullable": true, "type": "array", "items": { "type": "string" } }, "primaryCertificate": { "additionalProperties": false, "description": "Primary certificate of the enrollment.", "nullable": true, "type": "object", "required": [ "certificate", "trustChain" ], "properties": { "certificate": { "description": "The certificate text.", "nullable": true, "type": "string" }, "expiry": { "description": "The expiration date for the certificate.", "type": "string" }, "keyAlgorithm": { "description": "The key algorithm of the certificate.", "type": "string", "enum": [ "ECDSA", "RSA" ] }, "signatureAlgorithm": { "description": "The SHA (Secure Hash Algorithm) function.", "nullable": true, "type": "string", "enum": [ "SHA-1", "SHA-256" ] }, "trustChain": { "description": "The trust chain for the certificate.", "nullable": true, "type": "string" } } } } }, "staging": { "additionalProperties": false, "type": "object", "required": [ "multiStackedCertificates", "networkConfiguration", "primaryCertificate" ], "properties": { "multiStackedCertificates": { "description": "Dual-stacked certificates today include an ECDSA certificate in addition to an RSA certificate.", "type": "array", "items": { "additionalProperties": false, "description": "Deployment may include multiple dual-stacked certificates.", "type": "object", "required": [ "certificate", "trustChain" ], "properties": { "certificate": { "description": "The certificate text.", "nullable": true, "type": "string" }, "expiry": { "description": "The expiration date for the certificate.", "type": "string" }, "keyAlgorithm": { "description": "The key algorithm of the certificate.", "type": "string", "enum": [ "ECDSA", "RSA" ] }, "signatureAlgorithm": { "description": "The SHA (Secure Hash Algorithm) function.", "nullable": true, "type": "string", "enum": [ "SHA-1", "SHA-256" ] }, "trustChain": { "description": "The trust chain for the certificate.", "nullable": true, "type": "string" } } } }, "networkConfiguration": { "additionalProperties": false, "type": "object", "required": [ "quicEnabled", "sniOnly" ], "properties": { "disallowedTlsVersions": { "description": "Disallowed TLS protocols.", "type": "array", "items": { "type": "string" } }, "dnsNames": { "description": "Names served by SNI-only enabled enrollments.", "type": "array", "items": { "type": "string" } }, "geography": { "description": "The type of network on which CPS deploys your certificate. `core` is worldwide (includes China and Russia). `china+core` is worldwide and China. `russia+core` is worldwide and Russia.", "type": "string", "enum": [ "core", "china+core", "russia+core" ] }, "mustHaveCiphers": { "description": "Ciphers that you definitely want to include for your enrollment while deploying it on the network.", "type": "string" }, "ocspStapling": { "description": "OCSP stapling setting for the deployment.", "type": "string", "enum": [ "on", "off", "not-set" ] }, "preferredCiphers": { "description": "Ciphers that you preferably want to include for your enrollment while deploying it on the network.", "type": "string" }, "quicEnabled": { "description": "QUIC transport layer network protocol.", "type": "boolean" }, "secureNetwork": { "description": "The type of deployment network. `standard-tls` means Akamai's standard secure network, while `enhanced-tls` means Akamai's more secure network with PCI compliance capability.", "type": "string", "enum": [ "enhanced-tls", "standard-tls" ] }, "sniOnly": { "description": "Server Name Indication (SNI) is an extension of the Transport Layer Security (TLS) networking protocol. It allows a server to present multiple certificates on the same IP address. All modern web browsers support the SNI extension. If you have the same SAN on two or more certificates with the SNI-only option set, Akamai may serve traffic using any certificate which matches the requested SNI hostname. You should avoid multiple certificates with overlapping SAN names when using SNI-only.", "type": "boolean" } } }, "ocspStapled": { "description": "OCSP Stapling improves performance by including a valid OCSP response in every TLS handshake. We recommend all customers enable this feature.", "type": "boolean" }, "ocspUris": { "description": "URI used for OCSP stapling validation.", "nullable": true, "type": "array", "items": { "type": "string" } }, "primaryCertificate": { "additionalProperties": false, "description": "The primary certificate of the enrollment.", "nullable": true, "type": "object", "required": [ "certificate", "trustChain" ], "properties": { "certificate": { "description": "The certificate text.", "nullable": true, "type": "string" }, "expiry": { "description": "The expiration date for the certificate.", "type": "string" }, "keyAlgorithm": { "description": "The key algorithm of the certificate.", "type": "string", "enum": [ "ECDSA", "RSA" ] }, "signatureAlgorithm": { "description": "The SHA (Secure Hash Algorithm) function.", "nullable": true, "type": "string", "enum": [ "SHA-1", "SHA-256" ] }, "trustChain": { "description": "The trust chain for the certificate.", "nullable": true, "type": "string" } } } } } }, "x-akamai": { "file-path": "schemas/deployments.v7.yaml" } } } } } }, "parameters": [ { "description": "For customers who manage more than one account, this [runs the operation from another account](https://techdocs.akamai.com/developer/docs/manage-many-accounts-with-one-api-client). The Identity and Access Management API provides a [list of available account switch keys](https://techdocs.akamai.com/iam-api/reference/get-client-account-switch-keys).", "example": "{{accountSwitchKey}}", "in": "query", "name": "accountSwitchKey", "required": false, "schema": { "example": "1-5C0YLB:1-8BYUX", "type": "string" } } ] }, "parameters": [ { "description": "Enrollment on which to perform the desired operation.", "example": "{{enrollmentId}}", "in": "path", "name": "enrollmentId", "required": true, "schema": { "example": 10000, "type": "integer" }, "x-akamai": { "file-path": "parameters/enrollmentId-path.yaml" } } ] }, "/enrollments/{enrollmentId}/deployments/production": { "get": { "description": "Gets the enrollments deployed on the production network.", "operationId": "get-deployments-production", "summary": "Get production deployment", "tags": [ "Deployments" ], "externalDocs": { "description": "See documentation for this operation in Akamai's Certificate Provisioning System API", "url": "https://techdocs.akamai.com/cps/reference/get-deployments-production" }, "responses": { "200": { "description": "Successful response.", "content": { "application/vnd.akamai.cps.deployment.v7+json": { "example": { "production": { "ocspStapled": true, "ocspUris": [ "http://ocsp.example.com" ], "networkConfiguration": { "geography": "core", "mustHaveCiphers": "ak-akamai-2020q1", "ocspStapling": "not-set", "preferredCiphers": "ak-akamai-2020q1", "quicEnabled": false, "secureNetwork": "standard-tls", "sniOnly": true, "disallowedTlsVersions": [], "dnsNames": [ "san2.example.com", "san1.example.com" ] }, "primaryCertificate": { "certificate": "-----BEGIN CERTIFICATE-----\nMIID2 ... .... ZlSw==\n-----END CERTIFICATE-----", "expiry": "2021-06-10T12:00:00Z", "keyAlgorithm": "RSA", "signatureAlgorithm": "SHA-256", "trustChain": "-----BEGIN CERTIFICATE-----\nMIIDT ... .... JuAIQ=\n-----END CERTIFICATE-----" }, "multiStackedCertificates": [ { "certificate": "-----BEGIN CERTIFICATE-----\nMIID2 ... .... ZlSw==\n-----END CERTIFICATE-----", "expiry": "2021-06-10T12:00:00Z", "keyAlgorithm": "ECDSA", "signatureAlgorithm": "SHA-256", "trustChain": "-----BEGIN CERTIFICATE-----\nMIIDT ... .... JuAIQ=\n-----END CERTIFICATE-----" } ] }, "staging": { "ocspStapled": true, "ocspUris": [ "http://ocsp.example.com" ], "networkConfiguration": { "geography": "core", "mustHaveCiphers": "ak-akamai-2020q1", "ocspStapling": "not-set", "preferredCiphers": "ak-akamai-2020q1", "quicEnabled": false, "secureNetwork": "standard-tls", "sniOnly": true, "disallowedTlsVersions": [], "dnsNames": [ "san2.example.com", "san1.example.com" ] }, "primaryCertificate": { "certificate": "-----BEGIN CERTIFICATE-----\nMIID2 ... .... ZlSw==\n-----END CERTIFICATE-----", "expiry": "2021-06-10T12:00:00Z", "keyAlgorithm": "RSA", "signatureAlgorithm": "SHA-256", "trustChain": "-----BEGIN CERTIFICATE-----\nMIIDT ... .... JuAIQ=\n-----END CERTIFICATE-----" }, "multiStackedCertificates": [ { "certificate": "-----BEGIN CERTIFICATE-----\nMIID2 ... .... ZlSw==\n-----END CERTIFICATE-----", "expiry": "2021-06-10T12:00:00Z", "keyAlgorithm": "ECDSA", "signatureAlgorithm": "SHA-256", "trustChain": "-----BEGIN CERTIFICATE-----\nMIIDT ... .... JuAIQ=\n-----END CERTIFICATE-----" } ] } }, "schema": { "additionalProperties": false, "description": "Deploys your certificate to a network.", "type": "object", "required": [ "multiStackedCertificates", "networkConfiguration", "primaryCertificate" ], "properties": { "multiStackedCertificates": { "description": "Dual-stacked certificates today include an ECDSA certificate in addition to an RSA certificate.", "type": "array", "items": { "additionalProperties": false, "description": "Deployment may include multiple dual-stacked certificates.", "type": "object", "required": [ "certificate", "trustChain" ], "properties": { "certificate": { "description": "The certificate text.", "nullable": true, "type": "string" }, "expiry": { "description": "The expiration date for the certificate.", "type": "string" }, "keyAlgorithm": { "description": "The key algorithm of the certificate.", "type": "string", "enum": [ "ECDSA", "RSA" ] }, "signatureAlgorithm": { "description": "The SHA (Secure Hash Algorithm) function. Current values include `SHA-1` & `SHA-256`.", "nullable": true, "type": "string", "enum": [ "SHA-1", "SHA-256" ] }, "trustChain": { "description": "The trust chain for the certificate.", "nullable": true, "type": "string" } } } }, "networkConfiguration": { "additionalProperties": false, "description": "Network configuration properties.", "type": "object", "required": [ "quicEnabled", "sniOnly" ], "properties": { "disallowedTlsVersions": { "description": "Disallowed TLS protocol.", "type": "array", "items": { "type": "string" } }, "dnsNames": { "description": "Names served by SNI-only enabled enrollments.", "type": "array", "items": { "type": "string" } }, "geography": { "description": "Type of the network that you want to deploy your certificate. `core` is worldwide (includes China and Russia). `china+core` is worldwide and China. `russia+core` is worldwide and Russia.", "type": "string", "enum": [ "core", "china+core", "russia+core" ] }, "mustHaveCiphers": { "description": "Ciphers that you definitely want to include for your enrollment while deploying it on the network. For more information on cipher profiles, see [Akamai community](https://community.akamai.com/customers/s/article/SSL-TLS-Cipher-Profiles-for-Akamai-Secure-CDNrxdxm).", "type": "string" }, "ocspStapling": { "description": "OCSP stapling setting for the deployment.", "type": "string", "enum": [ "on", "off", "not-set" ] }, "preferredCiphers": { "description": "Ciphers that you preferably want to include for your enrollment while deploying it on the network. For more information on cipher profiles, see [Akamai community](https://community.akamai.com/customers/s/article/SSL-TLS-Cipher-Profiles-for-Akamai-Secure-CDNrxdxm).", "type": "string" }, "quicEnabled": { "description": "QUIC transport layer network protocol.", "type": "boolean" }, "secureNetwork": { "description": "The type of deployment network. `standard-tls` means Akamai's standard secure network, while `enhanced-tls` means Akamai's more secure network with PCI compliance capability.", "type": "string", "enum": [ "enhanced-tls", "standard-tls" ] }, "sniOnly": { "description": "Server Name Indication (SNI) is an extension of the Transport Layer Security (TLS) networking protocol. It allows a server to present multiple certificates on the same IP address. All modern web browsers support the SNI extension. If you have the same SAN on two or more certificates with the SNI-only option set, Akamai may serve traffic using any certificate which matches the requested SNI hostname. You should avoid multiple certificates with overlapping SAN names when using SNI-only.", "type": "boolean" } } }, "ocspStapled": { "description": "OCSP Stapling improves performance by including a valid OCSP response in every TLS handshake. We recommend all customers enable this feature.", "type": "boolean" }, "ocspUris": { "description": "URI used for OCSP stapling validation.", "nullable": true, "type": "array", "items": { "type": "string" } }, "primaryCertificate": { "additionalProperties": false, "description": "Primary certificate of the enrollment.", "nullable": true, "type": "object", "required": [ "certificate", "trustChain" ], "properties": { "certificate": { "description": "The certificate text.", "nullable": true, "type": "string" }, "expiry": { "description": "The expiration date for the certificate.", "type": "string" }, "keyAlgorithm": { "description": "The key algorithm of the certificate.", "type": "string", "enum": [ "ECDSA", "RSA" ] }, "signatureAlgorithm": { "description": "The SHA (Secure Hash Algorithm) function. Current values include `SHA-1` & `SHA-256`.", "nullable": true, "type": "string", "enum": [ "SHA-1", "SHA-256" ] }, "trustChain": { "description": "The trust chain for the certificate.", "nullable": true, "type": "string" } } } }, "x-akamai": { "file-path": "schemas/deployment.v7.yaml" } } } } } }, "parameters": [ { "description": "For customers who manage more than one account, this [runs the operation from another account](https://techdocs.akamai.com/developer/docs/manage-many-accounts-with-one-api-client). The Identity and Access Management API provides a [list of available account switch keys](https://techdocs.akamai.com/iam-api/reference/get-client-account-switch-keys).", "example": "{{accountSwitchKey}}", "in": "query", "name": "accountSwitchKey", "required": false, "schema": { "example": "1-5C0YLB:1-8BYUX", "type": "string" } } ] }, "parameters": [ { "description": "Enrollment on which to perform the desired operation.", "example": "{{enrollmentId}}", "in": "path", "name": "enrollmentId", "required": true, "schema": { "example": 10000, "type": "integer" }, "x-akamai": { "file-path": "parameters/enrollmentId-path.yaml" } } ] }, "/enrollments/{enrollmentId}/deployments/staging": { "get": { "description": "Gets the enrollments deployed on the staging network.", "operationId": "get-deployment-staging", "summary": "Get staging deployment", "tags": [ "Deployments" ], "externalDocs": { "description": "See documentation for this operation in Akamai's Certificate Provisioning System API", "url": "https://techdocs.akamai.com/cps/reference/get-deployment-staging" }, "responses": { "200": { "description": "Successful response.", "content": { "application/vnd.akamai.cps.deployment.v7+json": { "example": { "production": { "ocspStapled": true, "ocspUris": [ "http://ocsp.example.com" ], "networkConfiguration": { "geography": "core", "mustHaveCiphers": "ak-akamai-2020q1", "ocspStapling": "not-set", "preferredCiphers": "ak-akamai-2020q1", "quicEnabled": false, "secureNetwork": "standard-tls", "sniOnly": true, "disallowedTlsVersions": [], "dnsNames": [ "san2.example.com", "san1.example.com" ] }, "primaryCertificate": { "certificate": "-----BEGIN CERTIFICATE-----\nMIID2 ... .... ZlSw==\n-----END CERTIFICATE-----", "expiry": "2021-06-10T12:00:00Z", "keyAlgorithm": "RSA", "signatureAlgorithm": "SHA-256", "trustChain": "-----BEGIN CERTIFICATE-----\nMIIDT ... .... JuAIQ=\n-----END CERTIFICATE-----" }, "multiStackedCertificates": [ { "certificate": "-----BEGIN CERTIFICATE-----\nMIID2 ... .... ZlSw==\n-----END CERTIFICATE-----", "expiry": "2021-06-10T12:00:00Z", "keyAlgorithm": "ECDSA", "signatureAlgorithm": "SHA-256", "trustChain": "-----BEGIN CERTIFICATE-----\nMIIDT ... .... JuAIQ=\n-----END CERTIFICATE-----" } ] }, "staging": { "ocspStapled": true, "ocspUris": [ "http://ocsp.example.com" ], "networkConfiguration": { "geography": "core", "mustHaveCiphers": "ak-akamai-2020q1", "ocspStapling": "not-set", "preferredCiphers": "ak-akamai-2020q1", "quicEnabled": false, "secureNetwork": "standard-tls", "sniOnly": true, "disallowedTlsVersions": [], "dnsNames": [ "san2.example.com", "san1.example.com" ] }, "primaryCertificate": { "certificate": "-----BEGIN CERTIFICATE-----\nMIID2 ... .... ZlSw==\n-----END CERTIFICATE-----", "expiry": "2021-06-10T12:00:00Z", "keyAlgorithm": "RSA", "signatureAlgorithm": "SHA-256", "trustChain": "-----BEGIN CERTIFICATE-----\nMIIDT ... .... JuAIQ=\n-----END CERTIFICATE-----" }, "multiStackedCertificates": [ { "certificate": "-----BEGIN CERTIFICATE-----\nMIID2 ... .... ZlSw==\n-----END CERTIFICATE-----", "expiry": "2021-06-10T12:00:00Z", "keyAlgorithm": "ECDSA", "signatureAlgorithm": "SHA-256", "trustChain": "-----BEGIN CERTIFICATE-----\nMIIDT ... .... JuAIQ=\n-----END CERTIFICATE-----" } ] } }, "schema": { "additionalProperties": false, "description": "Deploys your certificate to a network.", "type": "object", "required": [ "multiStackedCertificates", "networkConfiguration", "primaryCertificate" ], "properties": { "multiStackedCertificates": { "description": "Dual-stacked certificates today include an ECDSA certificate in addition to an RSA certificate.", "type": "array", "items": { "additionalProperties": false, "description": "Deployment may include multiple dual-stacked certificates.", "type": "object", "required": [ "certificate", "trustChain" ], "properties": { "certificate": { "description": "The certificate text.", "nullable": true, "type": "string" }, "expiry": { "description": "The expiration date for the certificate.", "type": "string" }, "keyAlgorithm": { "description": "The key algorithm of the certificate.", "type": "string", "enum": [ "ECDSA", "RSA" ] }, "signatureAlgorithm": { "description": "The SHA (Secure Hash Algorithm) function. Current values include `SHA-1` & `SHA-256`.", "nullable": true, "type": "string", "enum": [ "SHA-1", "SHA-256" ] }, "trustChain": { "description": "The trust chain for the certificate.", "nullable": true, "type": "string" } } } }, "networkConfiguration": { "additionalProperties": false, "description": "Network configuration properties.", "type": "object", "required": [ "quicEnabled", "sniOnly" ], "properties": { "disallowedTlsVersions": { "description": "Disallowed TLS protocol.", "type": "array", "items": { "type": "string" } }, "dnsNames": { "description": "Names served by SNI-only enabled enrollments.", "type": "array", "items": { "type": "string" } }, "geography": { "description": "Type of the network that you want to deploy your certificate. `core` is worldwide (includes China and Russia). `china+core` is worldwide and China. `russia+core` is worldwide and Russia.", "type": "string", "enum": [ "core", "china+core", "russia+core" ] }, "mustHaveCiphers": { "description": "Ciphers that you definitely want to include for your enrollment while deploying it on the network. For more information on cipher profiles, see [Akamai community](https://community.akamai.com/customers/s/article/SSL-TLS-Cipher-Profiles-for-Akamai-Secure-CDNrxdxm).", "type": "string" }, "ocspStapling": { "description": "OCSP stapling setting for the deployment.", "type": "string", "enum": [ "on", "off", "not-set" ] }, "preferredCiphers": { "description": "Ciphers that you preferably want to include for your enrollment while deploying it on the network. For more information on cipher profiles, see [Akamai community](https://community.akamai.com/customers/s/article/SSL-TLS-Cipher-Profiles-for-Akamai-Secure-CDNrxdxm).", "type": "string" }, "quicEnabled": { "description": "QUIC transport layer network protocol.", "type": "boolean" }, "secureNetwork": { "description": "The type of deployment network. `standard-tls` means Akamai's standard secure network, while `enhanced-tls` means Akamai's more secure network with PCI compliance capability.", "type": "string", "enum": [ "enhanced-tls", "standard-tls" ] }, "sniOnly": { "description": "Server Name Indication (SNI) is an extension of the Transport Layer Security (TLS) networking protocol. It allows a server to present multiple certificates on the same IP address. All modern web browsers support the SNI extension. If you have the same SAN on two or more certificates with the SNI-only option set, Akamai may serve traffic using any certificate which matches the requested SNI hostname. You should avoid multiple certificates with overlapping SAN names when using SNI-only.", "type": "boolean" } } }, "ocspStapled": { "description": "OCSP Stapling improves performance by including a valid OCSP response in every TLS handshake. We recommend all customers enable this feature.", "type": "boolean" }, "ocspUris": { "description": "URI used for OCSP stapling validation.", "nullable": true, "type": "array", "items": { "type": "string" } }, "primaryCertificate": { "additionalProperties": false, "description": "Primary certificate of the enrollment.", "nullable": true, "type": "object", "required": [ "certificate", "trustChain" ], "properties": { "certificate": { "description": "The certificate text.", "nullable": true, "type": "string" }, "expiry": { "description": "The expiration date for the certificate.", "type": "string" }, "keyAlgorithm": { "description": "The key algorithm of the certificate.", "type": "string", "enum": [ "ECDSA", "RSA" ] }, "signatureAlgorithm": { "description": "The SHA (Secure Hash Algorithm) function. Current values include `SHA-1` & `SHA-256`.", "nullable": true, "type": "string", "enum": [ "SHA-1", "SHA-256" ] }, "trustChain": { "description": "The trust chain for the certificate.", "nullable": true, "type": "string" } } } }, "x-akamai": { "file-path": "schemas/deployment.v7.yaml" } } } } } }, "parameters": [ { "description": "For customers who manage more than one account, this [runs the operation from another account](https://techdocs.akamai.com/developer/docs/manage-many-accounts-with-one-api-client). The Identity and Access Management API provides a [list of available account switch keys](https://techdocs.akamai.com/iam-api/reference/get-client-account-switch-keys).", "example": "{{accountSwitchKey}}", "in": "query", "name": "accountSwitchKey", "required": false, "schema": { "example": "1-5C0YLB:1-8BYUX", "type": "string" } } ] }, "parameters": [ { "description": "Enrollment on which to perform the desired operation.", "example": "{{enrollmentId}}", "in": "path", "name": "enrollmentId", "required": true, "schema": { "example": 10000, "type": "integer" }, "x-akamai": { "file-path": "parameters/enrollmentId-path.yaml" } } ] }, "/enrollments/{enrollmentId}/dv-history": { "get": { "description": "Domain name Validation history for the enrollment.", "operationId": "get-dv-history", "summary": "Get DV history", "tags": [ "Enrollments" ], "externalDocs": { "description": "See documentation for this operation in Akamai's Certificate Provisioning System API", "url": "https://techdocs.akamai.com/cps/reference/get-dv-history" }, "responses": { "200": { "description": "Successful response.", "content": { "application/vnd.akamai.cps.dv-history.v1+json": { "example": { "data": [ { "domain": "www.cps-example-dv.com", "domainHistory": [ { "domain": "www.cps-example-dv.com", "error": "Error getting challenges. Error Message: Lets Encrypt Exception message: Unable to load Lets Encrypt support tools.", "expires": null, "fullPath": null, "redirectFullPath": "http://dcv.akamai.com/.well-known/acme-challenge/abcdefghijklmno-KuzBi3q5Dr6TU8ViHSDSf-c9Iyg", "requestTimestamp": "2021-04-11T18:15:07z", "responseBody": null, "status": "Preparing", "token": null, "validatedTimestamp": null, "validationStatus": null, "challenges": [], "validationRecords": [] }, { "domain": "www.cps-example-dv.com", "error": "Error getting challenges. Error Message: Lets Encrypt Exception message: Unable to load Lets Encrypt support tools.", "expires": null, "fullPath": null, "redirectFullPath": null, "requestTimestamp": "2021-04-11T18:24:16z", "responseBody": null, "status": "Preparing", "token": null, "validatedTimestamp": null, "validationStatus": null, "challenges": [], "validationRecords": [] }, { "domain": "www.cps-example-dv.com", "error": "Error getting challenges. Error Message: Lets Encrypt Exception message: Unable to load Lets Encrypt support tools.", "expires": null, "fullPath": null, "redirectFullPath": "http://dcv.akamai.com/.well-known/acme-challenge/abcdefghijklmno-KuzBi3q5Dr6TU8ViHSDSf-c9Iyg", "requestTimestamp": "2021-04-11T18:33:26z", "responseBody": null, "status": "Preparing", "token": null, "validatedTimestamp": null, "validationStatus": null, "challenges": [], "validationRecords": [] }, { "domain": "www.cps-example-dv.com", "error": "Error getting challenges. Error Message: Lets Encrypt Exception message: Unable to load Lets Encrypt support tools.", "expires": null, "fullPath": null, "redirectFullPath": "http://dcv.akamai.com/.well-known/acme-challenge/abcdefghijklmno-KuzBi3q5Dr6TU8ViHSDSf-c9Iyg", "requestTimestamp": "2021-04-11T18:42:39z", "responseBody": null, "status": "Preparing", "token": null, "validatedTimestamp": null, "validationStatus": null, "challenges": [], "validationRecords": [] }, { "domain": "www.cps-example-dv.com", "error": "Error getting challenges. Error Message: Lets Encrypt Exception message: Unable to load Lets Encrypt support tools.", "expires": null, "fullPath": null, "redirectFullPath": null, "requestTimestamp": "2021-04-11T18:51:46z", "responseBody": null, "status": "Preparing", "token": null, "validatedTimestamp": null, "validationStatus": null, "challenges": [], "validationRecords": [] }, { "domain": "www.cps-example-dv.com", "error": "Error getting challenges. Error Message: Lets Encrypt Exception message: Unable to load Lets Encrypt support tools.", "expires": null, "fullPath": null, "redirectFullPath": null, "requestTimestamp": "2021-04-11T19:00:54z", "responseBody": null, "status": "Preparing", "token": null, "validatedTimestamp": null, "validationStatus": null, "challenges": [], "validationRecords": [] }, { "domain": "www.cps-example-dv.com", "error": "Error getting challenges. Error Message: Lets Encrypt Exception message: Unable to load Lets Encrypt support tools.", "expires": null, "fullPath": null, "redirectFullPath": null, "requestTimestamp": "2021-04-11T19:10:23z", "responseBody": null, "status": "Preparing", "token": null, "validatedTimestamp": null, "validationStatus": null, "challenges": [], "validationRecords": [] }, { "domain": "www.cps-example-dv.com", "error": "Error getting challenges. Error Message: Lets Encrypt Exception message: Unable to load Lets Encrypt support tools.", "expires": null, "fullPath": null, "redirectFullPath": null, "requestTimestamp": "2021-04-11T19:19:32z", "responseBody": null, "status": "Preparing", "token": null, "validatedTimestamp": null, "validationStatus": null, "challenges": [], "validationRecords": [] } ] }, { "domain": "www.cps-example-2-dv.com", "domainHistory": [ { "domain": "www.cps-example-2-dv.com", "error": "Error getting challenges. Error Message: Lets Encrypt Exception message: Unable to load Lets Encrypt support tools.", "expires": null, "fullPath": null, "redirectFullPath": null, "requestTimestamp": "2021-04-12T19:19:32z", "responseBody": null, "status": "Preparing", "token": null, "validatedTimestamp": null, "validationStatus": null, "challenges": [], "validationRecords": [] } ] } ] }, "schema": { "additionalProperties": false, "description": "If you use domain validation, the CA that issued the certificate validates that you have control of the domain. CPS supports DV certificates issued by Let's Encrypt, an automated, and open CA, run for public benefit. Domain validation history allows you to view the history and errors associated with your Akamai managed DV certificates. These certificates expire in 90 days.", "type": "object", "required": [ "results" ], "properties": { "results": { "description": "Domain Validation (DV) challenges are used by Let's Encrypt to verify domain control.", "type": "array", "items": { "additionalProperties": false, "type": "object", "required": [ "domain", "domainHistory" ], "properties": { "domain": { "description": "The domain being validated.", "type": "string" }, "domainHistory": { "description": "A history record for a single domain.", "type": "array", "items": { "additionalProperties": false, "type": "object", "required": [ "challenges", "validationRecords" ], "properties": { "challenges": { "description": "Challenges used for validation.", "type": "array", "items": { "additionalProperties": false, "type": "object", "required": [ "validationRecords" ], "properties": { "error": { "description": "Validation status for this challenge.", "nullable": true, "type": "string" }, "fullPath": { "description": "Path where Let's Encrypt respects and expects to find `token` as content.", "type": "string" }, "redirectFullPath": { "description": "The URL where Akamai publishes `responseBody` for Let's Encrypt to validate `http-01` challenges. The client can configure a redirect at `fullPath` to redirect requests to this `redirectFullPath` URL, keeping in mind that the token may change over time.", "type": "string" }, "responseBody": { "description": "The data Let's Encrypt expects to find served at `fullPath` URL.", "type": "string" }, "status": { "description": "The domain validation status. Status include `valid` and `pending`.", "type": "string" }, "token": { "description": "The validation token issued by Let's Encrypt.", "type": "string" }, "type": { "description": "Challenge type. Current types include `http-01` and `dns-01`.", "type": "string" }, "validationRecords": { "description": "The records that you send to Let's Encrypt to validate your domain.", "type": "array", "items": { "additionalProperties": false, "type": "object", "properties": { "authorities": { "description": "Validation authorities.", "type": "array", "items": { "type": "string" } }, "hostname": { "description": "The name being validated.", "type": "string" }, "port": { "description": "Port used for validation.", "type": "string" }, "resolvedIp": { "description": "IPs resolved for name being validated.", "type": "array", "items": { "type": "string" } }, "triedIp": { "description": "IP from `resolvedIp` tried for this validation.", "type": "string" }, "url": { "description": "URL attempted validated.", "type": "string" }, "usedIp": { "description": "IP from `resolvedIp` used for this validation.", "type": "string" } } } } } } }, "domain": { "description": "Domain which is being validated.", "type": "string" }, "error": { "description": "Current validation status for domains not yet validated.", "nullable": true, "type": "string" }, "expires": { "description": "Timestamp when this token or validation will expire. Sample 2017-12-05T18:57:07z.", "type": "string" }, "fullPath": { "description": "The URL that Let's Encrypt returns for the `token`.", "type": "string" }, "redirectFullPath": { "description": "The URL that Let's Encrypt returns. This is the path to the server to which you want to redirect and find the token.", "type": "string" }, "requestTimestamp": { "description": "The timestamp when the domain was successfully requested. Sample 2014-08-12T18:57:07z.", "type": "string" }, "responseBody": { "description": "The data Let's Encrypt expects to find served at `fullPath` URL.", "type": "string" }, "status": { "description": "The domain validation status.", "type": "string" }, "token": { "description": "The validation token issued by Let's Encrypt.", "type": "string" }, "validatedTimestamp": { "description": "The timestamp when the domain was successfully validated. Sample 2014-08-12T18:57:07z.", "type": "string" }, "validationRecords": { "description": "Validation attempts and status.", "type": "array", "items": { "additionalProperties": false, "description": "Validation attempt.", "type": "object", "properties": { "hostname": { "description": "The records that Let's Encrypt returns to you to validate your domain.", "type": "string" }, "port": { "description": "Port used for validation.", "type": "string" }, "resolvedIp": { "description": "IPs resolved for name being validated.", "type": "array", "items": { "description": "IP address.", "type": "string" } }, "url": { "description": "URL attempted validated.", "type": "string" }, "usedIp": { "description": "IP from `resolvedIp` used for this validation.", "type": "string" } } } }, "validationStatus": { "description": "Status of the domain validation process.", "type": "string" } } } } } } } }, "x-akamai": { "file-path": "schemas/dv-history.v1.yaml" } } } } } }, "parameters": [ { "description": "For customers who manage more than one account, this [runs the operation from another account](https://techdocs.akamai.com/developer/docs/manage-many-accounts-with-one-api-client). The Identity and Access Management API provides a [list of available account switch keys](https://techdocs.akamai.com/iam-api/reference/get-client-account-switch-keys).", "example": "{{accountSwitchKey}}", "in": "query", "name": "accountSwitchKey", "required": false, "schema": { "example": "1-5C0YLB:1-8BYUX", "type": "string" } } ] }, "parameters": [ { "description": "Enrollment on which to perform the desired operation.", "example": "{{enrollmentId}}", "in": "path", "name": "enrollmentId", "required": true, "schema": { "example": 10000, "type": "integer" }, "x-akamai": { "file-path": "parameters/enrollmentId-path.yaml" } } ] }, "/enrollments/{enrollmentId}/history/certificates": { "get": { "description": "View the certificate history.", "operationId": "get-history-certificates", "summary": "Get certificate history", "tags": [ "Enrollments" ], "externalDocs": { "description": "See documentation for this operation in Akamai's Certificate Provisioning System API", "url": "https://techdocs.akamai.com/cps/reference/get-history-certificates" }, "responses": { "200": { "description": "Successful response.", "content": { "application/vnd.akamai.cps.certificate-history.v2+json": { "example": { "certificates": [ { "deploymentStatus": "inactive", "geography": "core", "ra": "third-party", "stagingStatus": "inactive", "type": "third-party", "slots": [], "primaryCertificate": { "certificate": "-----BEGIN CERTIFICATE-----\nMIID ... .... 9t0G\n-----END CERTIFICATE-----", "expiry": "2022-02-15T06:05:32Z", "keyAlgorithm": "ECDSA", "trustChain": "-----BEGIN CERTIFICATE-----\nMIIDT ... .... okCk=\n-----END CERTIFICATE-----" }, "multiStackedCertificates": [ { "certificate": "-----BEGIN CERTIFICATE-----\nMIID ... .... Bp52w=\n-----END CERTIFICATE-----", "expiry": "2022-02-15T06:05:33Z", "keyAlgorithm": "RSA", "trustChain": "-----BEGIN CERTIFICATE-----\nMIID ... .... 7gf0=\n-----END CERTIFICATE-----" } ] }, { "deploymentStatus": "active", "geography": "core", "ra": "third-party", "stagingStatus": "active", "type": "third-party", "slots": [ 19598 ], "primaryCertificate": { "certificate": "-----BEGIN CERTIFICATE-----\nMIID ... .... J9JQs/v0=\n-----END CERTIFICATE-----", "expiry": "2022-02-05T13:21:21Z", "keyAlgorithm": "ECDSA" }, "multiStackedCertificates": [ { "certificate": "-----BEGIN CERTIFICATE-----\nMIID ... .... Mweq/\n-----END CERTIFICATE-----", "expiry": "2022-02-05T13:21:20Z", "keyAlgorithm": "RSA", "trustChain": "-----BEGIN CERTIFICATE-----\nMIID ... .... KEUp0=\n-----END CERTIFICATE-----" } ] } ] }, "schema": { "additionalProperties": false, "description": "You can view the current and previous certificates as part of the certificate history. You retrieve each iteration in the history of your certificate by certificate type, and also view the status, expiration date, and certificate authority for the certificate. You can take actions on each activity of the certificate, including, view the certificate and view the trust chain for the certificate.", "type": "object", "required": [ "certificates" ], "properties": { "certificates": { "description": "The type of certificate. This could be a single certificate, which associates a property hostname with a single name. It could be a wildcard certificate, which secures an entire property hostname. It could be a SAN certificate, which uses Subject Alternative Names and allows you to secure up to 100 property hostnames with one certificate. It could also be a wildcard SAN certificate, which is a SAN certificate that can have up to 100 SANs with 25 wildcard entries in the SAN list. Lastly, you can have a third-party certificate, which is a signed certificate obtained by you from an external certificate authority.", "type": "array", "items": { "additionalProperties": false, "type": "object", "required": [ "deploymentStatus", "multiStackedCertificates", "primaryCertificate", "slots", "stagingStatus", "type" ], "properties": { "deploymentStatus": { "description": "The current status of the certificate on the network. This is either `active` or `inactive`.", "type": "string", "enum": [ "active", "inactive" ] }, "geography": { "description": "Lists where you can deploy the certificate. If it is `standard-worldwide`, you can deploy everywhere except China. If it is `worldwide`, you can deploy everywhere including China. If it is `worldwide-russia`, you can deploy everywhere including Russia. Geography is dependent on your network type. If your network type is `standard-tls`, then you can deploy in Russia and `worldwide-russia` is the same as `standard-worldwide`.", "type": "string", "enum": [ "standard-worldwide", "worldwide", "worldwide-russia" ] }, "multiStackedCertificates": { "description": "Enables an ECDSA certificate in addition to an RSA certificate. CPS automatically performs all certificate operations on both certificates, and will use the best certificate for each client connection to your secure properties. Customers who are pinning certificates will need to pin both the RSA and the ECDSA certificate. We recommend all customers enable this feature. If its Third Party Dual Stack Certificate, fallback RSA certificate information will be present in this.", "type": "array", "items": { "additionalProperties": false, "type": "object", "properties": { "certificate": { "description": "The certificate text for the multi-stacked certificate.", "nullable": true, "type": "string" }, "expiry": { "description": "The expiration date for the multi-stacked certificate.", "type": "string" }, "keyAlgorithm": { "description": "The key algorithm for the multi-stacked certificate, either `ECDSA` or `RSA`.", "type": "string", "enum": [ "ECDSA", "RSA" ] }, "trustChain": { "description": "The trust chain for the multi-stacked certificate.", "nullable": true, "type": "string" } } } }, "primaryCertificate": { "additionalProperties": false, "description": "Primary certificate for Enrollment.", "nullable": true, "type": "object", "properties": { "certificate": { "description": "The primary certificate in the multi-stacked certificate.", "nullable": true, "type": "string" }, "expiry": { "description": "The expiration date for the primary certificate.", "type": "string" }, "keyAlgorithm": { "description": "The key algorithm for the primary certificate.", "type": "string", "enum": [ "ECDSA", "RSA" ] }, "trustChain": { "description": "The trust chain for the primary certificate.", "nullable": true, "type": "string" } } }, "ra": { "description": "The certificate registration authority of the primary certificate.", "type": "string" }, "slots": { "description": "The slot numbers of the primary certificate.", "type": "array", "items": { "type": "integer" } }, "stagingStatus": { "description": "The staging status of the primary certificate, either `active` or `inactive`.", "type": "string", "enum": [ "active", "inactive" ] }, "type": { "description": "Either `san`, `single`, `wildcard`, `wildcard-san`, or `third-party`.", "type": "string", "enum": [ "san", "single", "wildcard", "wildcard-san", "third-party" ] } } } } }, "x-akamai": { "file-path": "schemas/certificate-history.v2.yaml" } } } } } }, "parameters": [ { "description": "For customers who manage more than one account, this [runs the operation from another account](https://techdocs.akamai.com/developer/docs/manage-many-accounts-with-one-api-client). The Identity and Access Management API provides a [list of available account switch keys](https://techdocs.akamai.com/iam-api/reference/get-client-account-switch-keys).", "example": "{{accountSwitchKey}}", "in": "query", "name": "accountSwitchKey", "required": false, "schema": { "example": "1-5C0YLB:1-8BYUX", "type": "string" } } ] }, "parameters": [ { "description": "Enrollment on which to perform the desired operation.", "example": "{{enrollmentId}}", "in": "path", "name": "enrollmentId", "required": true, "schema": { "example": 10000, "type": "integer" }, "x-akamai": { "file-path": "parameters/enrollmentId-path.yaml" } } ] }, "/enrollments/{enrollmentId}/history/changes": { "get": { "description": "Change history of an enrollment.", "operationId": "get-history-changes", "summary": "Get change history", "tags": [ "Changes" ], "externalDocs": { "description": "See documentation for this operation in Akamai's Certificate Provisioning System API", "url": "https://techdocs.akamai.com/cps/reference/get-history-changes" }, "responses": { "200": { "description": "Successful response.", "content": { "application/vnd.akamai.cps.change-history.v5+json": { "example": { "changes": [ { "action": "renew", "actionDescription": "Renew Certificate", "businessCaseId": "5005B00000XYZA1234", "createdBy": "mrossi", "createdOn": "2021-05-09T19:26:59Z", "lastUpdated": "2021-06-12T12:56:55Z", "ra": "symantec", "status": "completed", "primaryCertificate": { "certificate": "-----BEGIN CERTIFICATE-----\nMIIFH ... .... b+kIw==\n-----END CERTIFICATE-----", "csr": "-----BEGIN CERTIFICATE REQUEST-----\nMIIC2 ... .... mdnsaw=\n-----END CERTIFICATE REQUEST-----", "keyAlgorithm": "RSA", "trustChain": "-----BEGIN CERTIFICATE-----\nMIIEdj ... .... oqzb5Ct\n-----END CERTIFICATE-----" }, "primaryCertificateOrderDetails": { "orderId": "abcdefM6Gw3WvN2p12345" }, "multiStackedCertificates": [ { "certificate": "-----BEGIN CERTIFICATE-----\nMIIDu ... .... 3JpAg==\n-----END CERTIFICATE-----", "csr": "-----BEGIN CERTIFICATE REQUEST-----\nMIIC2 ... .... mdnsaw=\n-----END CERTIFICATE REQUEST-----", "keyAlgorithm": "ECDSA", "trustChain": "-----BEGIN CERTIFICATE-----\nMIIDzD ... .... F3+fA==\n-----END CERTIFICATE-----" } ] }, { "action": "renew", "actionDescription": "Renew Certificate", "businessCaseId": "5005B00000DEFG1234", "createdBy": "szhang", "createdOn": "2021-02-02T18:21:17Z", "lastUpdated": "2021-02-05T19:57:14Z", "ra": "symantec", "status": "cancelled", "primaryCertificate": { "certificate": "-----BEGIN CERTIFICATE-----\nMIIFH ... .... b+kIw==\n-----END CERTIFICATE-----", "csr": "-----BEGIN CERTIFICATE REQUEST-----\nMIIC2 ... .... mdnsaw=\n-----END CERTIFICATE REQUEST-----", "keyAlgorithm": "RSA", "trustChain": "-----BEGIN CERTIFICATE-----\nMIIEdj ... .... oqzb5Ct\n-----END CERTIFICATE-----" }, "primaryCertificateOrderDetails": { "orderId": "abcdeHvg8F7caXW312345" }, "multiStackedCertificates": [ { "certificate": null, "csr": "-----BEGIN CERTIFICATE REQUEST-----\nMIIC2 ... .... mdnsaw=\n-----END CERTIFICATE REQUEST-----", "keyAlgorithm": "ECDSA", "trustChain": null } ] }, { "action": "renew", "actionDescription": "Renew Certificate", "businessCaseId": null, "createdBy": "jperez", "createdOn": "2021-02-01T17:16:35Z", "lastUpdated": null, "primaryCertificate": null, "primaryCertificateOrderDetails": null, "ra": "symantec", "status": "cancelled", "multiStackedCertificates": [] }, { "action": "new-certificate", "actionDescription": "Create New Certificate", "businessCaseId": "5005B00000ABCD1234", "createdBy": "jsmith", "createdOn": "2021-02-01T16:30:58Z", "lastUpdated": "2021-02-01T17:16:37Z", "ra": "symantec", "status": "completed", "primaryCertificate": { "certificate": "-----BEGIN CERTIFICATE-----\nMIIFH ... .... b+kIw==\n-----END CERTIFICATE-----", "csr": "-----BEGIN CERTIFICATE REQUEST-----\nMIIC2 ... .... mdnsaw=\n-----END CERTIFICATE REQUEST-----", "keyAlgorithm": "RSA", "trustChain": "-----BEGIN CERTIFICATE-----\nMIIEdj ... .... oqzb5Ct\n-----END CERTIFICATE-----" }, "primaryCertificateOrderDetails": { "orderId": "abcdex7zh8wspr4m12345" }, "multiStackedCertificates": [ { "certificate": "-----BEGIN CERTIFICATE-----\nMIIDu ... .... 3JpAg==\n-----END CERTIFICATE-----", "csr": "-----BEGIN CERTIFICATE REQUEST-----\nMIIC2 ... .... mdnsaw=\n-----END CERTIFICATE REQUEST-----", "keyAlgorithm": "ECDSA", "trustChain": "-----BEGIN CERTIFICATE-----\nMIIDzD ... .... F3+fA==\n-----END CERTIFICATE-----" } ] } ] }, "schema": { "additionalProperties": false, "description": "You can view all the changes associated with a certificate as part of the change history. This is the equivalent of viewing the certificate activity in the CPS UI. You can view each change to your certificate, the status of your change, the last updated date, the date the change was created, and who created the change. You can also take actions on each change of the certificate, including viewing the CSR for the certificate, viewing the certificate, and viewing the trust chain for the certificate.", "type": "object", "required": [ "changes" ], "properties": { "changes": { "description": "Change history items.", "type": "array", "items": { "additionalProperties": false, "type": "object", "required": [ "action", "actionDescription", "createdBy", "createdOn", "multiStackedCertificates", "ra", "status" ], "properties": { "action": { "description": "Show every change on the certificate. The possible changes are `import-certificate`, `renew`, `new-certificate`, `modify-san`, `update-network-configuration`.", "type": "string", "enum": [ "import-certificate", "renew", "new-certificate", "modify-san", "update-network-configuration" ] }, "actionDescription": { "description": "A description of each change.", "type": "string" }, "businessCaseId": { "description": "SalesForce ID associated with this change.", "nullable": true, "type": "string" }, "createdBy": { "description": "The username of the user who initiated the change.", "type": "string" }, "createdOn": { "description": "A date and timestamp when the change started.", "format": "date-time", "type": "string" }, "lastUpdated": { "description": "A date and timestamp when the change was last updated.", "nullable": true, "type": "string" }, "multiStackedCertificates": { "description": "Dual-stacked certificates.", "type": "array", "items": { "additionalProperties": false, "type": "object", "properties": { "certificate": { "description": "Certificate text.", "nullable": true, "type": "string" }, "csr": { "description": "Certificate CSR.", "type": "string" }, "keyAlgorithm": { "description": "Key algorithm of the certificate.", "type": "string" }, "trustChain": { "description": "Certificate trust chain.", "nullable": true, "type": "string" } } } }, "primaryCertificate": { "additionalProperties": false, "description": "Primary Certificate.", "nullable": true, "type": "object", "properties": { "certificate": { "description": "Certificate text.", "nullable": true, "type": "string" }, "csr": { "description": "Certificate CSR.", "type": "string" }, "keyAlgorithm": { "description": "Key algorithm of the certificate.", "type": "string" }, "trustChain": { "description": "Certificate trust chain.", "nullable": true, "type": "string" } } }, "primaryCertificateOrderDetails": { "additionalProperties": false, "description": "CA order details for this Change.", "nullable": true, "type": "object", "properties": { "orderId": { "description": "Order ID.", "type": "string" } } }, "ra": { "description": "The certificate authority that issued the certificate.", "type": "string" }, "status": { "description": "The status of the change. The possible changes are `incomplete`, `cancelled`, `completed`.", "type": "string", "enum": [ "incomplete", "cancelled", "completed" ] } } } } }, "x-akamai": { "file-path": "schemas/change-history.v5.yaml" } } } } } }, "parameters": [ { "description": "For customers who manage more than one account, this [runs the operation from another account](https://techdocs.akamai.com/developer/docs/manage-many-accounts-with-one-api-client). The Identity and Access Management API provides a [list of available account switch keys](https://techdocs.akamai.com/iam-api/reference/get-client-account-switch-keys).", "example": "{{accountSwitchKey}}", "in": "query", "name": "accountSwitchKey", "required": false, "schema": { "example": "1-5C0YLB:1-8BYUX", "type": "string" } } ] }, "parameters": [ { "description": "Enrollment on which to perform the desired operation.", "example": "{{enrollmentId}}", "in": "path", "name": "enrollmentId", "required": true, "schema": { "example": 10000, "type": "integer" }, "x-akamai": { "file-path": "parameters/enrollmentId-path.yaml" } } ] } }, "x-readme": { "samples-languages": [ "curl", "python", "node" ] }, "servers": [ { "url": "https://{hostname}/cps/v2" } ] }