
Configuring Request-Response Service for JET Applications

 

When using the request-response service, the client application issues a request and synchronously waits for the response from the Junos OS server.

You can configure the JET service process (jsd) to run in Secure Sockets Layer (SSL) mode for increased security. To have jsd run in SSL mode, you must first enable the jsd process to use SSL by adding and configuring the certificate name locally. The certificate must be an RSA certificate. ECDSA and DSA SSL certificates are not supported.
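A pre-flight check for the RSA requirement above, meant to run on the workstation before the PEM file is copied to the device. It is an added example, not Juniper code: `preflight`, `cert_key_algorithm` and `sample_pem` are hypothetical names, the sample input is a constructed DER skeleton rather than a real certificate, and the first certificate in the file is assumed to be the server certificate.

```python
import base64
import re

# SubjectPublicKeyInfo algorithm OIDs (DER value bytes) mapped to a readable name.
KEY_OIDS = {bytes.fromhex("2a864886f70d010101"): "RSA",   # rsaEncryption
            bytes.fromhex("2a8648ce3d0201"): "ECDSA",      # id-ecPublicKey
            bytes.fromhex("2a8648ce380401"): "DSA"}        # id-dsa
PEM_RE = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----\s*(.*?)\s*-----END \1-----", re.S)

def _read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the DER element that starts at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                       # long form: low 7 bits give the length size
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length

def cert_key_algorithm(der):
    """Name the public-key algorithm of a DER-encoded X.509 certificate."""
    _, tbs, _ = _read_tlv(_read_tlv(der, 0)[1], 0)   # Certificate -> tbsCertificate
    tag, _, after_version = _read_tlv(tbs, 0)
    pos = after_version if tag == 0xA0 else 0        # version [0] is optional
    for _ in range(5):                      # serial, signature, issuer, validity, subject
        _, _, pos = _read_tlv(tbs, pos)
    _, spki, _ = _read_tlv(tbs, pos)        # subjectPublicKeyInfo
    _, alg_id, _ = _read_tlv(spki, 0)       # AlgorithmIdentifier
    return KEY_OIDS.get(_read_tlv(alg_id, 0)[1], "unknown")

def preflight(pem_text):
    """Return problems for a cert+key PEM; assumes the first certificate is the server's."""
    blocks = PEM_RE.findall(pem_text)
    certs = [body for label, body in blocks if label == "CERTIFICATE"]
    has_key = any(label.endswith("PRIVATE KEY") for label, _ in blocks)
    problems = [] if has_key else ["no private key in file"]
    if not certs:
        return problems + ["no certificate in file"]
    alg = cert_key_algorithm(base64.b64decode("".join(certs[0].split())))
    if alg != "RSA":
        problems.append(f"certificate key is {alg}; jsd requires RSA")
    return problems

def _tlv(tag, body):                        # DER builder for the constructed sample only
    return bytes([tag, len(body)]) + body

def sample_pem(oid_hex, with_key=True):     # constructed skeleton, not a real certificate
    spki = _tlv(0x30, _tlv(0x30, _tlv(0x06, bytes.fromhex(oid_hex))) + _tlv(0x03, b"\x00"))
    tbs = _tlv(0x30, _tlv(0xA0, _tlv(0x02, b"\x02")) + _tlv(0x02, b"\x01") + _tlv(0x30, b"") * 4 + spki)
    body = base64.b64encode(_tlv(0x30, tbs + _tlv(0x30, b"") + _tlv(0x03, b"\x00"))).decode()
    key = "-----BEGIN PRIVATE KEY-----\nAAAA\n-----END PRIVATE KEY-----\n" if with_key else ""
    return f"-----BEGIN CERTIFICATE-----\n{body}\n-----END CERTIFICATE-----\n" + key
```

With a real file, pass its text to `preflight()`; an empty list means the file holds a private key and an RSA certificate.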

Currently, JET supports Transport Layer Security (TLS) version 1.2 for certificate exchange and supports multiple encryption algorithms, but does not support mutual authentication. This means that clients can authenticate the server, but the server cannot authenticate clients using SSL/TLS certificates. For client authentication, use the LoginCheck() procedure from the authentication service API.

To configure the jsd for request-response service:

  1. Copy the SSL certificate and private key PEM file to the device using the FTP command line or the scp command.

    For example, if ssl-jsd-encrypt.pem is the SSL certificate’s filename:

  2. Import the SSL certificate and private key with the CLI set security certificates local local-name load-key-file pathname-on-device configuration statement.

    For example, if the local name of the SSL certificate is jsd_certificate:

  3. Go to the [edit system services extension-service request-response grpc] hierarchy level.
  4. Specify ssl.

    Note: Setting ssl requires that you first enable the jsd process to use SSL. See Step 1.

  5. Specify the maximum connections.
  6. Specify the scripts to use.

Following is the hierarchy for the system services extension-service request-response grpc configuration statement:

Following is more information about the options for the system services extension-service request-response grpc configuration statement:

  • For SSL, there is no default for local-certificate. The value for local-certificate should be the same as the name provided when the certificate was imported with the local configuration statement at the [edit security certificates] hierarchy level. In our example, the local certificate name is jsd_certificate.

  • max-connections is the number of simultaneous connections for request-response that can be attached to jsd. The higher the number, the higher the impact that clients have on performance. The maximum number of connections supported is 8.