![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(22.400000000000002, 69%, 12%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EON%3C/text%3E%3C/svg%3E)
Azure Content Delivery Network
An Azure service that provides global content delivery and acceleration.
346 questions
Hello @OLADOJA NIYI SAMAD ,
Welcome to Microsoft Q&A Platform. Thank you for reaching out & hope you are doing well.
I understand that you are trying to enable HTTPS on your Azure CDN custom domain using your own SSL certificate but are getting the following error "When using this permission, the backing application of the service principal being created must in the local tenant".
I've seen this error in below 2 cases:
- If Azure CDN and Key Vault are in the different subscriptions.
- If the user registering Azure CDN doesn't have Global Administrator permissions in Azure AD.
The Global Administrator permissions requirement is missing in the Azure CDN doc (I will try to get it added) but you can see this requirement in the Azure Front Door doc which uses the same ApplicationId.
Azure Front Door doc: https://learn.microsoft.com/en-us/azure/frontdoor/standard-premium/how-to-configure-https-custom-domain?tabs=powershell#register-azure-front-door
I would request you to make sure that your Azure Key Vault account is under the same subscription as your Azure CDN profile & CDN endpoints that you want to enable custom HTTPS on. And when trying to register the Azure CDN as an app in your Azure Active Directory via PowerShell, make sure that you have Global Administrator permissions in Azure AD.
Kindly let us know if the above helps or you need further assistance on this issue.
Please "Accept the answer" if the information helped you. This will help us and others in the community as well.