tls (NETCONF)
Syntax
tls {
client-identity client-id {
fingerprint fingerprint;
map-type (san-dirname-cn | specified);
username username;
}
local-certificate local-certificate;
file <filename> <files files> <match match> <size size> <(world-readable | no-world-readable)>;
flag name;
level (all | error | info | notice | verbose | warning);
no-remote-trace;
}
}
Hierarchy Level
Release Information
Statement introduced in Junos OS Release 20.2R1.
Description
Enable NETCONF sessions over Transport Layer Security (TLS) with mutual X.509 certificate-based authentication. To enable NETCONF sessions over TLS, you must configure the local-certificate statement and either a client-identity statement or the default-client-identity statement.
Devices running Junos OS support TLS version 1.2 for NETCONF sessions over TLS. The TLS server listens for incoming NETCONF-over-TLS connections on TCP port 6513.
Options
local-certificate local-certificate—TLS server’s local certificate
ID, which must be loaded into the Junos OS public key infrastructure
(PKI).
The remaining statements are explained separately. See CLI Explorer.
Required Privilege Level
system—To view this statement in the configuration.
system-control—To add this statement to the configuration.