Overview
Introduction
The Private Certificate Management service in CCM allows you to share private CAs of account A with all member accounts in the same organization unit. These member accounts, such as accounts B and C, can use the shared CA to issue certificates.
- Account A is the private CA owner (owner for short).
- Accounts B and C are private CA recipients.
Private CA Owner and Recipient Permissions
Owners can perform all operations on private CAs, while recipients can only perform certain operations. For details, see Table 1.
|
Role |
Operation Supported |
Description |
|---|---|---|
|
Recipient |
pca:ca:export |
Access through the console or API |
|
pca:ca:get |
Access through the console or API |
|
|
pca:ca:listTags |
Access through the console or API |
|
|
pca:ca:issueCert |
Access through the console or API |
|
|
pca:ca:issueCertByCsr |
Access through the console or API |
|
|
pca:ca:revokeCert |
Access through the console or API |
Supported Resource Types and Regions
Table 2 lists the resource types and regions can be shared in PCA.
Billing Description
For details about PCA billing, see Billing Items.
The owner of a shared private CA pays for the CA. So, only the resource owner will be charged for shared resources.
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.
For any further questions, feel free to contact us through the chatbot.
Chatbot
