Hierarchy Level

Release Information

Statement introduced in Junos OS Release 16.1.

mutual-authentication, client-certificate-request, and certificate-authority options introduced in Junos OS Release 17.4R1.


Configure API connection settings based on Secure Sockets Layer (SSL) technology.


address ip-address

Specify the IP address on which to listen for incoming connections. If you use the default IP address, the JET service process (jsd) listens on the IP address in the default routing instance.


mutual-authentication

Enable bidirectional authentication. Use this option in conjunction with client-certificate-request and certificate-authority profile-name to configure client authentication using SSL-based certificates.

client-certificate-request

Specify the requirements for a client certificate.

no-certificate—Client certificate is not requested.


We strongly recommend that you use this option in a test environment only.

request-certificate—Request certificate from client but do not verify.

request-certificate-and-verify—Request certificate from client and verify if provided.

require-certificate—Client certificate is mandatory, but do not verify.

require-certificate-and-verify—Client certificate is mandatory, and certificate is verified.

Default: no-certificate


You can specify only one value for a client certificate.

hot-reloading

Enable persistent gRPC sessions across SSL certificate updates between a collector and a client. If this feature is not enabled, when a certificate is updated between a client and a collector, all existing gRPC sessions are terminated.

certificate-authority profile-name

Specify the name of a certificate-authority profile configured at the [edit security pki ca-profile] hierarchy level. This profile is used to validate the certificate provided by the client.

port port

Specify the port number on which to accept incoming connections.

For gRPC connections used to stream telemetry data, the required port number is 32767.

Range: 1 through 65535

Default: 9090

The remaining statement is explained separately. See CLI Explorer.
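
The following added example, which is not part of the Juniper documentation, checks a set of Junos set commands against the client-certificate-request values listed above and reports when client certificates are optional, unverified, or verified without a certificate-authority profile. The hierarchy prefix in the sample lines, the profile name EXAMPLE-CA, and the finding codes are assumptions made for illustration.

```python
# Added example (not Juniper code): audit Junos "set" lines against the
# client-certificate-request semantics described on this page.
# value -> (client certificate mandatory, client certificate verified)
MODES = {
    "no-certificate": (False, False),
    "request-certificate": (False, False),
    "request-certificate-and-verify": (False, True),
    "require-certificate": (True, False),
    "require-certificate-and-verify": (True, True),
}
DEFAULT_MODE = "no-certificate"  # default stated on this page

def _value_after(tokens, key):
    """Return the token following key, or None if key or its value is absent."""
    i = tokens.index(key) + 1 if key in tokens else len(tokens)
    return tokens[i] if i < len(tokens) else None

def audit_grpc_ssl(config_text):
    """Return finding codes (hypothetical names) for the grpc ssl statements."""
    mutual, mode, ca_profile = False, None, None
    for line in config_text.splitlines():
        tokens = line.split()
        if tokens[:1] != ["set"] or "grpc" not in tokens or "ssl" not in tokens:
            continue
        opts = tokens[tokens.index("ssl") + 1:]
        mutual = mutual or "mutual-authentication" in opts
        mode = _value_after(opts, "client-certificate-request") or mode
        ca_profile = _value_after(opts, "certificate-authority") or ca_profile
    if not mutual:
        return ["MUTUAL_AUTH_OFF"]
    mode = mode or DEFAULT_MODE
    if mode not in MODES:
        return ["UNKNOWN_MODE:" + mode]
    mandatory, verified = MODES[mode]
    checks = [
        (not mandatory, "CLIENT_CERT_OPTIONAL"),
        (not verified, "CLIENT_CERT_NOT_VERIFIED"),
        (verified and not ca_profile, "CA_PROFILE_MISSING"),
    ]
    return [code for failed, code in checks if failed]

# Constructed sample input; the hierarchy prefix and EXAMPLE-CA are assumptions.
MUTUAL = "set system services extension-service request-response grpc ssl mutual-authentication "
SAMPLE_WEAK = MUTUAL + "client-certificate-request require-certificate\n"
SAMPLE_STRONG = (MUTUAL + "certificate-authority EXAMPLE-CA\n"
                 + MUTUAL + "client-certificate-request require-certificate-and-verify\n")

if __name__ == "__main__":
    print("weak:", audit_grpc_ssl(SAMPLE_WEAK), "strong:", audit_grpc_ssl(SAMPLE_STRONG))
```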

Required Privilege Level

system—To view this statement in the configuration.

system-control—To add this statement to the configuration.