Configuring Request-Response Service for JET Applications
When using the request-response service, the client application issues a request and synchronously waits for the response from the Junos OS server.
You can configure the JET service process (jsd) to run in Secure Sockets Layer (SSL) mode for increased security. To have jsd run in SSL mode, you must first enable the jsd process to use SSL by adding and configuring the certificate name locally. The certificate must be an RSA certificate. ECDSA and DSA SSL certificates are not supported.
Currently, JET supports Transport Layer Security (TLS) version 1.2 for certificate exchange and supports multiple encryption algorithms, but does not support mutual authentication. This means that clients can authenticate the server, but the server cannot authenticate clients using SSL/TLS certificates. For client authentication, use the LoginCheck() procedure from the authentication service API.
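As an added example (not part of the original page and not Juniper code), the following Python check tests a PEM file against the requirements above before it is copied to the device: the file must hold both a certificate and a private key, and the certificate's public key must be RSA. The function names and the constructed sample bundle are assumptions made for illustration.

```python
import base64
import re

# DER-encoded key-algorithm OIDs named on the page (added example, not Juniper code).
KEY_ALGS = {"2a864886f70d010101": "RSA", "2a8648ce3d0201": "ECDSA",
            "2a8648ce380401": "DSA"}
PEM_RE = re.compile(r"-----BEGIN ([A-Z ]+)-----(.*?)-----END \1-----", re.S)

def _children(buf, start, end):
    """Split buf[start:end] into DER elements: (tag, value_start, value_end)."""
    out = []
    while start < end:
        tag, length, pos = buf[start], buf[start + 1], start + 2
        if length & 0x80:  # long form: low 7 bits give the length's byte count
            n = length & 0x7F
            length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
        out.append((tag, pos, pos + length))
        start = pos + length
    return out

def cert_key_algorithm(der):
    """Return the subjectPublicKeyInfo algorithm of a DER X.509 certificate."""
    cert = _children(der, 0, len(der))[0]          # Certificate
    tbs = _children(der, *cert[1:])[0]             # tbsCertificate
    fields = _children(der, *tbs[1:])
    spki = fields[6] if fields[0][0] == 0xA0 else fields[5]  # skip optional version
    alg = _children(der, *spki[1:])[0]             # AlgorithmIdentifier
    _, s, e = _children(der, *alg[1:])[0]          # algorithm OID
    return KEY_ALGS.get(der[s:e].hex(), "unknown")

def preflight(pem_text):
    """Return reasons the PEM bundle does not fit jsd; an empty list means OK."""
    blocks = PEM_RE.findall(pem_text)
    certs = [body for label, body in blocks if label == "CERTIFICATE"]
    problems = [] if certs else ["no certificate in file"]
    if certs and (alg := cert_key_algorithm(base64.b64decode(certs[0]))) != "RSA":
        problems.append(f"certificate key is {alg}, jsd accepts RSA only")
    if not any(label.endswith("PRIVATE KEY") for label, _ in blocks):
        problems.append("no private key in file")
    return problems

def constructed_bundle(oid_hex):
    """Constructed sample: certificate skeleton (not a valid cert) + dummy key."""
    der = lambda tag, *parts: bytes([tag, len(b"".join(parts))]) + b"".join(parts)
    spki = der(0x30, der(0x30, der(0x06, bytes.fromhex(oid_hex))), der(0x03, b"\x00"))
    tbs = der(0x30, der(0xA0, der(0x02, b"\x02")), der(0x02, b"\x01"), *[der(0x30)] * 4, spki)
    cert = base64.b64encode(der(0x30, tbs, der(0x30), der(0x03, b"\x00"))).decode()
    return (f"-----BEGIN CERTIFICATE-----\n{cert}\n-----END CERTIFICATE-----\n"
            "-----BEGIN PRIVATE KEY-----\nAAAA\n-----END PRIVATE KEY-----\n")
```

To check a real file, pass its text to `preflight()`; the check reads only the key algorithm and does not validate the certificate chain or match the key to the certificate.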
To configure the jsd for request-response service:
1. Copy the SSL certificate and private key PEM file to the device using the FTP command line or the scp command.
   For example, if ssl-jsd-encrypt.pem is the SSL certificate's filename:
   % scp ssl-jsd-encrypt.pem device-name:/var/tmp
2. Import the SSL certificate and private key with the CLI set security certificates local local-name load-key-file pathname-on-device configuration statement.
   For example, if the local name of the SSL certificate is jsd_certificate:
   user@device# set security certificates local jsd_certificate load-key-file /var/tmp/ssl-jsd-encrypt.pem
3. Go to the [edit system services extension-service request-response grpc] hierarchy level.
   user@device# edit system services extension-service request-response grpc
   [edit system services extension-service request-response grpc]
4. Specify ssl.
   Setting ssl requires that you first enable the jsd process to use SSL. See Step 1.
5. Specify the maximum connections.
6. Specify the scripts to use.
Following is the hierarchy for the system services extension-service request-response grpc configuration statement:
Following is more information about the options for the system services extension-service request-response grpc configuration statement:
For SSL, there is no default for local-certificate. The value for local-certificate should be the same as the name provided during the import of the certificate using the CLI configuration statement local at the [edit security certificates] hierarchy level. In our example, the local certificate name is jsd_certificate.
max-connections is the number of simultaneous connections for request-response that can be attached to jsd. The higher the number, the higher the impact that clients have on performance. The maximum number of connections supported is 8.