Certificate errors

rogerAppleby · June 2, 2020, 5:37pm

I created 2 self signed certificates using the following command: openssl req -x509 -newkey rsa:2048 -keyout c:\temp\key.pem -out c:\temp\cert.pem -days 365 -nodes

When I try to sync - I get the following error: Bad certificate from P00434 at10.2.8.2:53534-10.2.11.23:22000/tcp-client/TLS1.3-TLS_AES_128_GCM_SHA256:x509: certificate is not valid for any names, but wanted to match syncthing

Is there anything obvious that I have done wrong? I set the certName it is the same.

I deleted the config and restarted to be sure the config used the cert. (key.pem and cert.pem)

This is a windows box running syncthing 1.6.1

imsodin · June 2, 2020, 5:55pm

You need to set the certificate common name to “syncthing” or adjust the certName conf option to something else if you choose to use that (see end of https://docs.syncthing.net/dev/device-ids.html#connection-establishment).

rogerAppleby · June 2, 2020, 5:56pm

Already done this - it is the same regardless of the certName

rogerAppleby · June 2, 2020, 5:57pm

I can set the commonName to syncthing for testing

AudriusButkevicius · June 2, 2020, 6:08pm

Sure, try that out.

Effectively the error is saying that the certName in the config does not match what’s in the certificate. If the certificate has SAN extension, it will not use commonName, it will use the SAN entries.

system · July 2, 2020, 6:08pm

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.