Setup TLS Certificates for the RESTCONF Site

To use TLS Certificates with your restconf site you will first need to be sure your WEB server has the mod_ssl module installed and enabled. The SSL module will be installed by default if you have followed this guide to this point. You will have to enable the SSL module explicitly on Ubuntu/Debian systems:

Ubuntu version:

mydir> sudo a2enmod ssl

mydir> sudo service apache2 reload

Next edit the /etc/apache2/sites-available/restconf.conf site configuration file and uncomment the optional TLS configuration block shown below:

Note

Be sure to insert your path to server.crt and server.key for the SSLCertificateFile and SSLCertificateKeyFile parameters instead of /home/<user-name>/certs/...

#
# Uncomment this block to enable RESTCONF over TLS
#
#
####    CHANGE /home/user/certs/... to your username or the location of the
####      certificates, e.g./home/fred/certs/... (in two locations below)
#
####
####
#<IfModule mod_ssl.c>

    ...


#        SSLCertificateFile /home/<user-name>/certs/server.crt
#        SSLCertificateKeyFile /home/<user-name>/certs/server.key
#


    ...


#</IfModule>
#
####

#

# Uncomment this block to enable RESTCONF over TLS

#

Restart the WEB Server

To restart the Apache Server follows the steps:

Ubuntu version:

mydir> sudo service apache2 restart

Fedora version:

You need to reboot the system:

mydir> sudo reboot

When the system is back up:

mydir> sudo service sshd start

mydir> sudo service httpd start

Start the netconfd-pro as root using the fileloc-fhs=true parameter:

mydir> sudo netconfd-pro --fileloc-fhs=true

To restart the NGINX Server follows the steps:

Ubuntu version:

mydir> sudo service nginx restart

Fedora version:

You need to reboot the system:

mydir> sudo reboot

When the system is back up:

mydir> sudo service sshd start

mydir> sudo service nginx start

Start the netconfd-pro as root using the fileloc-fhs=true parameter:

mydir> sudo netconfd-pro --fileloc-fhs=true

HTTP Connect

After WEB server reboot you can verify that the configuration are correct by using “curl” tool, for example. Send the following request to the RESTCONF server to verify that it is running and configured properly:

mydir> curl -u admin:<your-password> http://localhost/restconf/data/netconf-state/sessions
{
 "sessions": {
  "session": [
   {
    "session-id":5,
    "transport":"yumaworks-ids:netconf-http",
    "username":"restconf",
    "source-host":"127.0.0.1",
    "login-time":"2018-11-20T07:39:14Z",
    "in-rpcs":0,
    "in-bad-rpcs":0,
    "out-rpc-errors":0,
    "out-notifications":0
   }
  ]
 }

For more web requests using curl see the article: How can I execute web requests with tools like curl?

For more information on using RESTCONF see the articles in the section: RESTCONF