Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?


cert-file (Scripts)


Hierarchy Level


Specify the certificate file (Root CA or self-signed) that the device uses to validate the server's certificate when you refresh a local script from an HTTPS server.

When you issue the set refresh or set refresh-from configuration mode command to refresh a single script or all scripts of a given type from an HTTPS server, the device uses the certificate configured for each script to validate the server's certificate and ensure the server is authentic. If certificate validation is successful, the device refreshes the script.


We do not recommend refreshing scripts from an HTTPS server when the device is unable to authenticate the server because malicious users could compromise the integrity of a script.


If you do not configure the cert-file statement for a script and you attempt to refresh the script from an HTTPS server, the device issues an error that cert-file is mandatory for HTTPS communication.



Absolute path to the certificate (Root CA or self-signed) in Privacy-Enhanced Mail (PEM) format that is used to validate the certificate of the server from which you refresh the script.

Required Privilege Level

system—To view this statement in the configuration.

system-control—To add this statement to the configuration.

Release Information

Statement introduced in Junos OS Release 21.2R1.