ssl

Syntax

Hierarchy Level

Description

Configure API connection settings based on Secure Sockets Layer (SSL) technology.

Options

address ip-address

Specify the IP address on which to listen for incoming connections. If you use the default IP address 0.0.0.0, the JET service process (jsd) listens on the IP address in the default routing instance.

  • Default: 0.0.0.0

mutual-authentication

Enable bidirectional authentication. Use this option in conjunction with client-certificate-request and certificate-authority profile-name to configure client authentication using SSL-based certificates.

client-certificate-request

Specify the requirements for a client certificate.

no-certificate—Client certificate is not requested.

Note:

We strongly recommend that you use this option in a test environment only.

request-certificate—Request certificate from client but do not verify.

request-certificate-and-verify—Request certificate from client and verify if provided.

require-certificate—Client certificate is mandatory, but do not verify.

require-certificate-and-verify—Client certificate is mandatory, and certificate is verified.

  • Default: no-certificate

    Note:

    You can specify only one value for a client certificate.

hot-reloading

Enable persistent gRPC sessions across SSL certificate updates between a network management system or collector and a network device. If this feature is not enabled, when a certificate is updated between the network device and remote management system, all existing gRPC sessions are terminated.

certificate-authority profile-name

Specify the name of a certificate-authority profile configured at the [edit security pki ca-profile] hierarchy level. This profile is used to validate the certificate provided by the client.

port port

Specify the port number on which to accept incoming connections.

Note:

For gRPC connections used to stream telemetry data, the required port number is 32767.

  • Range: 1 through 65535

  • Default: 9090

use-pki

Use the Public Key Infrastructure (PKI) database on the device for gRPC-based operations that require certificates.

The remaining statement is explained separately. See CLI Explorer.
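The following is an added example, not Juniper code: a small audit that reads set-style configuration lines and reports how strongly the ssl options above authenticate API clients. The function names are hypothetical, the sample lines are constructed, and because this page does not show the hierarchy level the sample uses a `<hierarchy>` placeholder; the mandatory/verified mapping is read from the client-certificate-request descriptions above.

```python
# client-certificate-request value -> (certificate mandatory, certificate verified)
CCR = {
    "no-certificate": (False, False), "request-certificate": (False, False),
    "request-certificate-and-verify": (False, True),
    "require-certificate": (True, False), "require-certificate-and-verify": (True, True),
}
# Default stated on the page; options with no stated default start unset.
DEFAULTS = {"client-certificate-request": "no-certificate",
            "certificate-authority": None, "mutual-authentication": False}
# Constructed sample; "<hierarchy>" is a placeholder, not a real Junos path.
SAMPLE = [
    "set <hierarchy> ssl port 32767",
    "set <hierarchy> ssl mutual-authentication client-certificate-request require-certificate",
]

def parse_ssl(lines):
    """Collect ssl options from set-style lines, keyed on the tokens after 'ssl'."""
    cfg = dict(DEFAULTS)
    for line in lines:
        tok = line.split()
        if "ssl" not in tok:
            continue
        opts, i = tok[tok.index("ssl") + 1:], 0
        while i < len(opts):
            if opts[i] == "mutual-authentication":
                cfg["mutual-authentication"] = True
            elif opts[i] in cfg and i + 1 < len(opts):
                cfg[opts[i]] = opts[i + 1]
                i += 1  # skip the value just consumed
            i += 1
    return cfg

def audit(cfg):
    """Return findings about how strongly API clients are authenticated."""
    ccr = cfg["client-certificate-request"]
    if ccr not in CCR:
        return [f"unknown client-certificate-request value {ccr!r}"]
    mandatory, verified = CCR[ccr]
    findings = []
    if not cfg["mutual-authentication"]:
        findings.append("mutual-authentication is not enabled")
    if not mandatory:
        findings.append(f"{ccr}: a client can connect without a certificate")
    if not verified:
        findings.append(f"{ccr}: a presented certificate is not verified")
    if verified and not cfg["certificate-authority"]:
        findings.append("no certificate-authority profile to validate the client certificate")
    return findings
```

An empty findings list from `audit(parse_ssl(lines))` means mutual authentication is enabled, the client certificate is mandatory and verified, and a certificate-authority profile is named.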

Required Privilege Level

system—To view this statement in the configuration.

system-control—To add this statement to the configuration.

Release Information

Statement introduced in Junos OS Release 16.1.

mutual-authentication, client-certificate-request, and certificate-authority options added in Junos OS Release 17.4R1.

hot-reloading option added in Junos OS Release 20.4R1.

use-pki option added in Junos OS Evolved Release 22.2R1.