tls (NETCONF)
Syntax
tls {
    client-identity client-id {
        fingerprint fingerprint;
        map-type (san-dirname-cn | specified);
        username username;
    }
    default-client-identity {
        map-type (san-dirname-cn | specified);
        username username;
    }
    local-certificate local-certificate;
    traceoptions {
        file <filename> <files files> <match match> <size size> <(world-readable | no-world-readable)>;
        flag name;
        level (all | error | info | notice | verbose | warning);
        no-remote-trace;
    }
}
Hierarchy Level
[edit system services netconf]
Description
Enable NETCONF sessions over Transport Layer Security (TLS) with mutual X.509 certificate-based authentication. To enable NETCONF sessions over TLS, you must configure the local-certificate statement and either a client-identity statement or the default-client-identity statement.
Junos devices support TLS version 1.2 for NETCONF sessions over TLS. The TLS server listens for incoming NETCONF-over-TLS connections on TCP port 6513.
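The following pre-commit check is an added example, not part of the Juniper documentation. It scans set-format configuration lines for the requirement described above: local-certificate plus either client-identity or default-client-identity. The function name, the sample configurations, and the certificate, client, and user names in them are constructed for illustration.

```python
# Added example: lint set-format Junos configuration for the NETCONF-over-TLS
# requirement stated in the Description. All sample values are constructed.
PREFIX = ["set", "system", "services", "netconf", "tls"]
IDENTITY = {"client-identity", "default-client-identity"}


def check_netconf_tls(config_text):
    """Return a list of problems; an empty list means the requirement is met."""
    seen = set()
    for line in config_text.splitlines():
        tokens = line.split()
        # Record the first statement name that follows "... netconf tls".
        if tokens[:len(PREFIX)] == PREFIX and len(tokens) > len(PREFIX):
            seen.add(tokens[len(PREFIX)])
    problems = []
    if "local-certificate" not in seen:
        problems.append("missing local-certificate")
    if not seen & IDENTITY:
        problems.append("missing client-identity or default-client-identity")
    return problems


# Constructed sample: server certificate plus one explicitly mapped client.
GOOD = """
set system services netconf tls local-certificate netconf-server-cert
set system services netconf tls client-identity client1 fingerprint FINGERPRINT-PLACEHOLDER
set system services netconf tls client-identity client1 map-type specified
set system services netconf tls client-identity client1 username netconf-user
"""

# Constructed sample: server certificate plus the default client mapping only.
DEFAULT_ONLY = """
set system services netconf tls local-certificate netconf-server-cert
set system services netconf tls default-client-identity map-type san-dirname-cn
"""

# Constructed sample: client mapping and tracing, but no server certificate.
BAD = """
set system services netconf tls client-identity client1 map-type specified
set system services netconf tls client-identity client1 username netconf-user
set system services netconf tls traceoptions flag all
"""

if __name__ == "__main__":
    for name, cfg in (("GOOD", GOOD), ("DEFAULT_ONLY", DEFAULT_ONLY), ("BAD", BAD)):
        print(name, check_netconf_tls(cfg) or "ok")
```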
Options
local-certificate local-certificate
    TLS server’s local certificate ID, which must be loaded into the Junos public key infrastructure (PKI).
The remaining statements are explained separately. See CLI Explorer.
Required Privilege Level
system—To view this statement in the configuration.
system-control—To add this statement to the configuration.
Release Information
Statement introduced in Junos OS Release 20.2R1.
Statement introduced in Junos OS Evolved Release 21.4R1.