To configure keys and certificates to use in southbound Netconf over TLS, the RPCs
netconf-keystore:add-keystore-entry
netconf-keystore:add-private-key
netconf-keystore:add-trusted-certificate

are called over the restconf interface using URL like:

POST /restconf/operations/netconf-keystore:add-keystore-entry HTTP/1.1
Host: localhost:8181
Content-Type: application/json
cache-control: no-cache
Postman-Token: 77554403-01e5-4f99-8ab3-63cdf5c50261
{
 "input": {
  "key-credential": {
   "key-id": "ODL-private-key",
   "private-key" : "<key-data cut out>",
   "passphrase" : ""
  }
 }
}-----WebKitFormBoundary7MA4YWxkTrZu0gW-

These work fine when using the non-clustered odl-netconf-topology feature, but when using the odl-netconf-clustered-topology feature, an error message is return that says "No implementation of RPC AbsoluteSchemaPath{path=[(urn:opendaylight:netconf:keystore?revision=2017-10-17)add-keystore-entry]} available" (and likewise for add-private-key and add-trusted-certificate).

A work-around that seems to get past this problem is to install odl-netconf-topology, install the keys and certificates, uninstall odl-netconf-topology and then install odl-netconf-clustered-topology. But it is obviously not a work-around that can be used in practice.