I created 2 self signed certificates using the following command:
openssl req -x509 -newkey rsa:2048 -keyout c:\temp\key.pem -out c:\temp\cert.pem -days 365 -nodes
When I try to sync - I get the following error:
Bad certificate from P00434 at10.2.8.2:53534-10.2.11.23:22000/tcp-client/TLS1.3-TLS_AES_128_GCM_SHA256:x509: certificate is not valid for any names, but wanted to match syncthing
Is there anything obvious that I have done wrong? I set the certName it is the same.
I deleted the config and restarted to be sure the config used the cert. (key.pem and cert.pem)
This is a windows box running syncthing 1.6.1
You need to set the certificate common name to “syncthing” or adjust the
certName conf option to something else if you choose to use that (see end of https://docs.syncthing.net/dev/device-ids.html#connection-establishment).
Already done this - it is the same regardless of the certName
I can set the commonName to syncthing for testing
Sure, try that out.
Effectively the error is saying that the certName in the config does not match what’s in the certificate.
If the certificate has SAN extension, it will not use commonName, it will use the SAN entries.
This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.