Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 

ssl

 

Syntax

Hierarchy Level

Release Information

Statement introduced in Junos OS Release 16.1 for MX80, MX104, MX240, MX480, MX960, MX2010, MX2020, vMX Series.

mutual-authentication, client-certificate-request, and certificate-authority options introduced in Junos OS Release 17.4R1.

Description

Configure API connection settings based on Secure Sockets Layer (SSL) technology.

Options

address ip-addressSpecify the IP address to listen for incoming connections. If you use the default IP address 0.0.0.0, the JET service process (jsd) listens on the IP address in the default routing instance.

Default: 0.0.0.0

mutual-authenticationEnable bidirectional authentication. Use this option, in conjunction with client-certificate-request and certificate-authority profile-name to configure client authentication using SSL-based certificates.
client-certificate-requestSpecify the requirements for a client certificate.

no-certificate—Client certificate is not requested.

Note

We strongly recommend that you use this option in a test environment only.

request-certificate—Request certificate from client but do not verify.

request-certificate-and-verify—Request certificate from client and verify if provided.

require-certificate—Client certificate is mandatory, but do not verify.

require-certificate-and-verfiy—Client certificate is mandatory, and certificate is verified.

Default: no-certificate

Note

You can specify only one value for a client certificate.

certificate-authority profile-nameSpecify the name of a certificate-authorirty profile configured at the [edit security pki ca-profile] hierarchy level. This profile is used to validate the certificate provided by the client.
port portSpecify the port number to accept incoming connections.
Note

For gRPC connections used to stream telemetry data, the required port number is 32767.

Range: 1 through 65535

Default: 9090

The remaining statement is explained separately. See CLI Explorer.

Required Privilege Level

system—To view this statement in the configuration.

system-control—To add this statement to the configuration.