Importing SSL Certificates for Junos XML Protocol Support
For FIPS mode, the digital security certificates must be compliant with the National Institute of Standards and Technology (NIST) SP 800-131A standard.
A Junos XML protocol client application can use one of four protocols to connect to the Junos XML protocol server on a router or switch: clear-text (a Junos XML protocol-specific protocol for sending unencrypted text over a TCP connection), SSH, SSL, or Telnet. For clients to use the SSL protocol, you must copy an X.509 authentication certificate onto the router or switch, as described in this topic. You must also include the xnm-ssl statement at the [edit system services] hierarchy level.
The xnm-ssl statement does not apply to standard IPsec services.
After obtaining an X.509 authentication certificate and private key, copy them to the router or switch by including the local statement at the [edit security certificates] hierarchy level:

    [edit security certificates]
    local certificate-name {
        load-key-file (filename | url);
    }
certificate-name is a name you choose to identify the certificate uniquely (for example, Junos XML protocol-ssl-client-hostname, where hostname is the computer where the client application runs).
filename is the pathname of the file on the local disk that contains the paired certificate and private key (assuming you have already used another method to copy them to the router’s or switch’s local disk).
url is the URL to the file that contains a paired certificate and private key (for instance, on the computer where the Junos XML protocol client application runs).
The CLI expects the private key in the URL-or-path file to be unencrypted. If the key is encrypted, the CLI prompts you for the passphrase associated with it, decrypts it, and stores the unencrypted version.
The load-key-file statement acts as a directive that copies the contents of the certificate file into the configuration. When you view the configuration, the CLI displays the string of characters that constitute the private key and certificate, marking them as SECRET-DATA. The load-key-file keyword is not recorded in the configuration.
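The following pre-flight check is an added example, not code from Juniper's documentation: it inspects the paired certificate-and-key file before it is handed to load-key-file, confirming that the file holds exactly one certificate and one private key and flagging an encrypted key (which would make the CLI prompt for a passphrase), then emits the two configuration statements this topic requires. The certificate name xnm-ssl-client-host1, the path /var/tmp/host1.pem, and the PEM bodies are constructed placeholders, not real key material.

```python
"""Pre-flight check for a load-key-file input (added example; not Juniper code)."""
import re
from typing import List, NamedTuple

# One PEM block: the END label must match the BEGIN label.
PEM_BLOCK = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----\r?\n(.*?)-----END \1-----", re.DOTALL
)


class PemCheck(NamedTuple):
    certificates: int
    private_keys: int
    encrypted_key: bool
    ok: bool  # exactly one cert, one key, key not encrypted


def inspect_pem_bundle(text: str) -> PemCheck:
    """Count certificate and private-key blocks and detect an encrypted key."""
    certs = keys = 0
    encrypted = False
    for label, body in PEM_BLOCK.findall(text):
        if label == "CERTIFICATE":
            certs += 1
        elif label == "ENCRYPTED PRIVATE KEY":  # PKCS#8 encrypted form
            keys += 1
            encrypted = True
        elif label.endswith("PRIVATE KEY"):
            keys += 1
            # Legacy PEM encryption is signalled by a Proc-Type header in the body.
            if "Proc-Type: 4,ENCRYPTED" in body:
                encrypted = True
    return PemCheck(certs, keys, encrypted, certs == 1 and keys == 1 and not encrypted)


def junos_set_commands(certificate_name: str, path: str) -> List[str]:
    """The two statements this topic requires, in 'set' form (names assumed)."""
    return [
        f"set security certificates local {certificate_name} load-key-file {path}",
        "set system services xnm-ssl",
    ]


# Constructed samples: the base64 bodies are placeholders, not real key material.
SAMPLE_UNENCRYPTED = """-----BEGIN CERTIFICATE-----
MIIBszCCAVygAwIBAgIUPLACEHOLDERCERT
-----END CERTIFICATE-----
-----BEGIN RSA PRIVATE KEY-----
MIIEowIBAAKCAQEAPLACEHOLDERKEY
-----END RSA PRIVATE KEY-----
"""
SAMPLE_ENCRYPTED = SAMPLE_UNENCRYPTED.replace(
    "-----BEGIN RSA PRIVATE KEY-----\n",
    "-----BEGIN RSA PRIVATE KEY-----\nProc-Type: 4,ENCRYPTED\n"
    "DEK-Info: AES-256-CBC,00112233445566778899AABBCCDDEEFF\n\n",
)
```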