I actually figured it out. You need to go through the API, but before you can utilize the API to generate and update the certificate, you need to contact Okta and have them turn on the "KEY_ROLLOVER" feature on your instance. Once you do that, follow the steps for setting up the API Test Client here:
1. Generate an API Cert through your instance
2. Get the Apps API Collection.
3. Use the List Apps call to get the information on your "Akamai" App that you already created.
4. Use the "Generate Certificate" Call to get a new cert with 2 years on it by changing the "validityYears" value to 2.
5. Use the "Update Application Certificate" call with the new cert and the information from the List Apps call.
6. Revoke your API Cert