diff --git a/rc/bin/service/tcp17020 b/rc/bin/service/tcp17020
new file mode 100755
index 000000000..e05556c96
--- /dev/null
+++ b/rc/bin/service/tcp17020
@@ -0,0 +1,2 @@
+#!/bin/rc
+exec tlssrv -A /bin/aux/trampoline 'net!$fs!9fs'
diff --git a/rc/bin/srvtls b/rc/bin/srvtls
new file mode 100755
index 000000000..60804c60c
--- /dev/null
+++ b/rc/bin/srvtls
@@ -0,0 +1,45 @@
+#!/bin/rc
+rfork e
+
+fn usage {
+	echo 'usage: srvtls [ -abcCnq ] [ -k keyspec ]  [net!]system[!service] [ srvname [ mtpt ] ]' >[1=2]
+	exit usage
+}
+
+mopt=()
+mtpt=()
+client=(/bin/tlsclient -a)
+
+while(~ $1 -*){
+	switch($1){
+	case -[abcCnq]*; mopt=($mopt $1)
+	case *
+		~ $#* 1 && usage
+		switch($1){
+		case -k; client=($client $1 $2)
+		case *; usage
+		}
+		shift
+	}
+	shift
+}
+
+switch($#*){
+case 1;	srv=/srv/$1
+case 2;	srv=/srv/$2
+case 3;	srv=/srv/$2; mtpt=$3
+case *;	usage
+}
+
+switch($1){
+case *!*!*; host=$1
+case *!*; host=$1!t9fs
+case *; host=net!$1!t9fs
+}
+
+fn post {
+	echo 0 >$srv
+}
+if(test -f $srv || $client $host /bin/rc -c post){
+	~ $#mtpt 0 || mount $mopt $srv $mtpt
+}
diff --git a/sys/lib/dist/ndb/common b/sys/lib/dist/ndb/common
index ae7a3e2b0..b0e7a6480 100644
--- a/sys/lib/dist/ndb/common
+++ b/sys/lib/dist/ndb/common
@@ -286,7 +286,7 @@ tcp=rexexec port=17009
 tcp=ncpu port=17010
 tcp=cpu port=17013
 tcp=rcpu port=17019
-tcp=glenglenda1 port=17020
+tcp=t9fs port=17020
 tcp=glenglenda2 port=17021
 tcp=glenglenda3 port=17022
 tcp=glenglenda4 port=17023
diff --git a/sys/man/4/srv b/sys/man/4/srv
index e97487f9b..593b84aa8 100644
--- a/sys/man/4/srv
+++ b/sys/man/4/srv
@@ -1,6 +1,6 @@
 .TH SRV 4 
 .SH NAME
-srv, srvssh, 9fs \- start network file service
+srv, srvtls, srvssh, 9fs \- start network file service
 .SH SYNOPSIS
 .B srv
 [
@@ -17,6 +17,21 @@ srv, srvssh, 9fs \- start network file service
 .I mtpt
 ] ]
 .PP
+.B srvtls
+[
+.B -abcCnq
+] [
+.B -k
+.I keyspec
+]
+.RI [ net !] system\c
+.RI [! service ]
+[
+.I srvname
+[
+.I mtpt
+] ]
+.PP
 .B srvssh
 [
 .B -r
@@ -155,6 +170,18 @@ is an
 .IR rc (1)
 script; examine it to see what local conventions apply.
 .PP
+.I Srvtls
+is an
+.IR rc (1)
+command that uses
+.I tlsclient
+(see
+.IR tlssrv (8))
+to establish an mutual authenticated and encrypted connection
+to the
+.I t9fs
+service which by default listens on tcp port 17020.
+.PP
 .I Srvssh
 is an
 .IR rc (1)