How to configure and setup a southbound Netconf connection over SSH towards a device is quite well documented in the ODL documentation. But there is practically no corresponding documentation of how to configure a Netconf over TLS connection.

For example, the keys and certificates to be used for Netconf/TLS are configured using the RPCs defined in the opendayligt:netconf-keystore Yang model. But the model and RPCs don't seem to be mentioned anywhere in the documentation. The key and certificate handling explained in the AAA chapter don't seem to be relevant for Netconf.

Also the parameters used over restconf to configure a Netconf over TLS connection, like the <key-based>, <key-id>, <tls>, <exluded-versions>, could be more explained in the documentation.