Rest Auth-Policy; Rest Certificate - Cisco ASR 5500 System Administration Manual

NETCONF and ConfD

rest auth-policy

This NETCONF Protocol Configuration mode command controls the level of verification the server does on
client certificates. CA (certificate authority) certificates can be configured using the existing ca-certificate
command in Global Configuration mode.
The command syntax is: rest auth-policy { none | peer | peer-fail }, where
• none - No authentication is performed.
• peer - If the client does not provide a certificate, or the client provides a certificate and it is valid, the
connection is allowed. If the client provides a certificate that is not valid, the connection is aborted.
Important: If peer is selected, CA certificates are recommended; otherwise, a client providing a
valid certificate cannot be authenticated and the connection will fail.
• peer-fail - The server requires the client to supply a client certificate and will fail the connection if the
certificate is not successfully validated.
Important: If peer-fail is selected, one or more CA certificates must be present on the device;
otherwise, the REST interface will not be enabled.
Use no rest auth-policy to set the auth-policy to none; no authentication will be performed.
Important: A change to the REST interface auth-policy may result in a planned restart of ConfD and temporary loss
of connectivity over the NETCONF and REST (if still enabled) interfaces.
Changes to global certificates which ConfD is using while REST is enabled will also result in a restart of
ConfD.

rest certificate

This NETCONF Protocol Configuration mode command configures the certificate and private-key for the REST
interface.
The command syntax is: rest certificate certificate_name, where certificate_name is an alphanumeric string
of 1 to 128 characters.
Important: The certificate specified must be present on the device. The certificate and the associated private-key can
be configured using the existing certificate command in Global Configuration mode.
Use no rest certificate to remove any configured certificate and key. REST will not be operational without
a valid certificate and key.
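The rules above for rest auth-policy and rest certificate can be checked against a saved configuration. The following is an added example, not Cisco code: the sample configuration is constructed, the argument layout after "certificate name" and "ca-certificate name" is an assumption, mode-entry lines are omitted, and an unset policy is assumed to behave as none.

```python
import re

# Constructed sample config, not from a real device. The argument layout after
# "certificate name" / "ca-certificate name" is an assumption for illustration.
SAMPLE_CONFIG = """\
certificate name rest-server-cert pem url /flash/rest-server.pem
rest auth-policy peer-fail
rest certificate rest-server-cert
"""

MESSAGES = {
    "no-rest-cert": "no rest certificate: REST will not be operational",
    "rest-cert-missing": "rest certificate names a certificate not present on the device",
    "policy-none": "auth-policy none: no client authentication is performed",
    "peer-no-cert-allowed": "auth-policy peer: clients presenting no certificate are allowed",
    "peer-no-ca": "auth-policy peer, no CA certificates: valid client certificates cannot be authenticated",
    "peer-fail-no-ca": "auth-policy peer-fail, no CA certificates: REST interface will not be enabled",
}

def audit_rest_config(text):
    """Return finding codes (keys of MESSAGES) for the REST TLS settings."""
    policy, rest_cert = "none", None  # assumption: unset policy behaves as none
    certs, ca_certs = set(), set()
    for line in map(str.strip, text.splitlines()):
        if m := re.fullmatch(r"rest auth-policy (none|peer|peer-fail)", line):
            policy = m.group(1)
        elif line == "no rest auth-policy":
            policy = "none"
        elif m := re.fullmatch(r"rest certificate (\S+)", line):
            rest_cert = m.group(1)
        elif m := re.match(r"ca-certificate name (\S+)", line):
            ca_certs.add(m.group(1))
        elif m := re.match(r"certificate name (\S+)", line):
            certs.add(m.group(1))
    findings = []
    if rest_cert is None:
        findings.append("no-rest-cert")
    elif rest_cert not in certs:
        findings.append("rest-cert-missing")
    if policy == "none":
        findings.append("policy-none")
    elif policy == "peer":
        findings.append("peer-no-cert-allowed")
        if not ca_certs:
            findings.append("peer-no-ca")
    elif not ca_certs:  # policy is peer-fail
        findings.append("peer-fail-no-ca")
    return findings

if __name__ == "__main__":
    for code in audit_rest_config(SAMPLE_CONFIG):
        print(f"{code}: {MESSAGES[code]}")
```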
ASR 5500 System Administration Guide, StarOS Release 21.5
NETCONF Protocol Configuration Mode