+<rpc-reply xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="m-1">
+ <data xmlns="urn:ietf:params:xml:ns:yang:ietf-netconf-monitoring"><?xml version="1.0" encoding="UTF-8"?>
+<module name="ietf-tls-server"
+ xmlns="urn:ietf:params:xml:ns:yang:yin:1"
+ xmlns:tlss="urn:ietf:params:xml:ns:yang:ietf-tls-server"
+ xmlns:inet="urn:ietf:params:xml:ns:yang:ietf-inet-types"
+ xmlns:ks="urn:ietf:params:xml:ns:yang:ietf-keystore">
+ <yang-version value="1.1"/>
+ <namespace uri="urn:ietf:params:xml:ns:yang:ietf-tls-server"/>
+ <prefix value="tlss"/>
+ <import module="ietf-inet-types">
+ <prefix value="inet"/>
+ <reference>
+ <text>RFC 6991: Common YANG Data Types</text>
+ </reference>
+ </import>
+ <import module="ietf-keystore">
+ <prefix value="ks"/>
+ <reference>
+ <text>RFC YYYY: Keystore Model</text>
+ </reference>
+ </import>
+ <organization>
+ <text>IETF NETCONF (Network Configuration) Working Group</text>
+ </organization>
+ <contact>
+ <text>WG Web: &lt;http://tools.ietf.org/wg/netconf/&gt;
+WG List: &lt;mailto:netconf@ietf.org&gt;
+
+WG Chair: Mehmet Ersue
+ &lt;mailto:mehmet.ersue@nsn.com&gt;
+
+WG Chair: Mahesh Jethanandani
+ &lt;mailto:mjethanandani@gmail.com&gt;
+
+Editor: Kent Watsen
+ &lt;mailto:kwatsen@juniper.net&gt;</text>
+ </contact>
+ <description>
+ <text>This module defines a reusable grouping for a TLS server that
+can be used as a basis for specific TLS server instances.
+
+Copyright (c) 2014 IETF Trust and the persons identified as
+authors of the code. All rights reserved.
+
+Redistribution and use in source and binary forms, with or
+without modification, is permitted pursuant to, and subject
+to the license terms contained in, the Simplified BSD
+License set forth in Section 4.c of the IETF Trust's
+Legal Provisions Relating to IETF Documents
+(http://trustee.ietf.org/license-info).
+
+This version of this YANG module is part of RFC XXXX; see
+the RFC itself for full legal notices.</text>
+ </description>
+ <revision date="2016-11-02">
+ <description>
+ <text>Initial version</text>
+ </description>
+ <reference>
+ <text>RFC XXXX: TLS Client and Server Models</text>
+ </reference>
+ </revision>
+ <grouping name="non-listening-tls-server-grouping">
+ <description>
+ <text>A reusable grouping for a TLS server that can be used as a
+basis for specific TLS server instances.</text>
+ </description>
+ <container name="certificates">
+ <description>
+ <text>The list of certificates the TLS server will present when
+establishing a TLS connection in its Certificate message,
+as defined in Section 7.4.2 in RRC 5246.</text>
+ </description>
+ <reference>
+ <text>RFC 5246:
+ The Transport Layer Security (TLS) Protocol Version 1.2</text>
+ </reference>
+ <list name="certificate">
+ <key value="name"/>
+ <min-elements value="1"/>
+ <description>
+ <text>An unordered list of certificates the TLS server can pick
+from when sending its Server Certificate message.</text>
+ </description>
+ <reference>
+ <text>RFC 5246: The TLS Protocol, Section 7.4.2</text>
+ </reference>
+ <leaf name="name">
+ <type name="leafref">
+ <path value="/ks:keystore/ks:private-keys/ks:private-key/ks:certificate-chains/ks:certificate-chain/ks:name"/>
+ </type>
+ <description>
+ <text>The name of the certificate in the keystore.</text>
+ </description>
+ </leaf>
+ </list>
+ </container>
+ <container name="client-auth">
+ <description>
+ <text>A reference to a list of trusted certificate authority (CA)
+certificates and a reference to a list of trusted client
+certificates.</text>
+ </description>
+ <leaf name="trusted-ca-certs">
+ <type name="leafref">
+ <path value="/ks:keystore/ks:trusted-certificates/ks:name"/>
+ </type>
+ <description>
+ <text>A reference to a list of certificate authority (CA)
+certificates used by the TLS server to authenticate
+TLS client certificates.</text>
+ </description>
+ </leaf>
+ <leaf name="trusted-client-certs">
+ <type name="leafref">
+ <path value="/ks:keystore/ks:trusted-certificates/ks:name"/>
+ </type>
+ <description>
+ <text>A reference to a list of client certificates used by
+the TLS server to authenticate TLS client certificates.
+A clients certificate is authenticated if it is an
+exact match to a configured trusted client certificate.</text>
+ </description>
+ </leaf>
+ </container>
+ </grouping>
+ <grouping name="listening-tls-server-grouping">
+ <description>
+ <text>A reusable grouping for a TLS server that can be used as a
+basis for specific TLS server instances.</text>
+ </description>
+ <leaf name="address">
+ <type name="inet:ip-address"/>
+ <description>
+ <text>The IP address of the interface to listen on. The TLS
+server will listen on all interfaces if no value is
+specified. Please note that some addresses have special
+meanings (e.g., '0.0.0.0' and '::').</text>
+ </description>
+ </leaf>
+ <leaf name="port">
+ <type name="inet:port-number"/>
+ <description>
+ <text>The local port number on this interface the TLS server
+listens on. When this grouping is used, it is RECOMMENDED
+that refine statement is used to either set a default port
+value or to set mandatory true.</text>
+ </description>
+ </leaf>
+ <uses name="non-listening-tls-server-grouping"/>
+ </grouping>
+</module>
+</data>
+</rpc-reply>