Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?




Hierarchy Level


Enable NETCONF sessions over Transport Layer Security (TLS) with mutual X.509 certificate-based authentication. To enable NETCONF sessions over TLS, you must configure the local-certificate statement and either a client-identity statement or the default-client-identity statement.

Devices running Junos OS support TLS version 1.2 for NETCONF sessions over TLS. The TLS server listens for incoming NETCONF-over-TLS connections on TCP port 6513.


local-certificate local-certificate

TLS server’s local certificate ID, which must be loaded into the Junos OS public key infrastructure (PKI).

The remaining statements are explained separately. See CLI Explorer.

Required Privilege Level

system—To view this statement in the configuration.

system-control—To add this statement to the configuration.

Release Information

Statement introduced in Junos OS Release 20.2R1.