Help Center/ Content Delivery Network/ User Guide/ Custom Domain Name Configuration/ HTTPS Settings/ SCM Authorization
Updated on 2025-06-06 GMT+08:00
View PDF
Share

SCM Authorization

If your certificate has been uploaded to Cloud Certificate Manager (CCM) of Huawei Cloud, you can enable SCM authorization so that you can directly obtain the certificate content when configuring certificates on CDN.

Do not delete the agency for authorizing CDN to access CCM. Otherwise, CDN cannot obtain certificate content when you configure HTTPS certificates.

Constraints

  1. IAM users can enable SCM authorization only when they have the following permissions:

    Associated Cloud Service

    Permission

    IAM
    • Listing permissions: iam:roles:listRoles
    • Creating a custom policy: iam:roles:createRole
    • Listing agencies: iam:agencies:listAgencies
    • Creating an agency: iam:agencies:createAgency
    • Granting global service permissions to an agency: iam:permissions:grantRoleToAgencyOnDomain

    CDN
    • Changing the billing option: cdn:configuration:modifyChargeMode
    • Granting CDN read-only permissions: CDN ReadOnlyAccess

    SCM

    Listing certificates: scm:cert:list
  2. After creating an agency, IAM users can configure certificates for domain names when they have the following permissions.
    • Modifying HTTPS settings: cdn:configuration:modifyHttpsConf
    • Modify origin pull settings: cdn:configuration:modifyOriginConfInfo

Enabling SCM Authorization

  1. Log in to Huawei Cloud console. Choose Service List > Content Delivery & Edge Computing > Content Delivery Network.

    The CDN console is displayed.

  2. In the navigation pane, choose Domains.
  3. In the upper right corner of the page, click Enable SCM Authorization.
    Figure 1 Cloud resource authorization
  4. Click OK. The system creates an agency named CDNAccessScm for you on the IAM console. CDN now has the permission to list your SCM certificates and export certificate details.
Parent topic: HTTPS Settings