Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?


local-certificate (System)


Hierarchy Level


Specify the SSL certificate to use to authenticate the local device for system services, gRPC Remote Procedure Calls (gRPC), and Network Time Security (NTS) using Network Time Protocol (NTP).

Specify the name of a local certificate. There is no default for local-certificate. The value for local-certificate should be the same as the name provided during the import of the certificate. You can import the certificate using the CLI configuration statement local at the [edit security certificates] hierarchy level. Alternatively, on supported devices, you can import the certificate into the Junos public key infrastructure (PKI) by using the request security pki local-certificate load operational mode command.

Use set system ntp nts local-certificate nts-cert to configure local NTS certificate. The server provides a local certificate and the certificate ID to the client for verification, that is loaded on to the device during certificate enrollment. The server must configure the local-certificate. The client verifies the certificate sent by the server and proceeds with time synchronization if server certificate is valid.

If you load the local certificate in the Junos PKI on supported devices, you must configure both the local-certificate statement and the use-pki statement at the same hierarchy level. The use-pki statement instructs the device to search the PKI database for local certificates.

Required Privilege Level

admin—To view this statement in the configuration.

admin-control—To add this statement to the configuration.

Release Information

Statement introduced before Junos OS Release 7.4.

Statement introduced for the [edit system services extension-service request-response thrift] hierarchy level in Junos OS Release 16.1 for MX80, MX480, MX960, MX2010, MX2020, vMX, and PTX Series.