Certificates not matching the description from the documentation?

Support
1

Hello,

I am new to Syncthing and have some questions about the certificates which are generated upon installation. It seems like my certificates are not matching the description of the certificate shown in the documentation. Maybe I am not understanding things correctly and you guys could help me out.

I have installed syncthing on my Raspberry Pi 3 which runs Raspbian Jessie.

  1. The cert.pem contains a public key which is generated via ecdsa and issued by syncthing. In the documentation it is written that this key should be generated via RSA. I searched through the forums if maybe something has changed and read that the Global Discovery-Servers changed from RSA to ECDSA. Is this the reason why the cert.pem is now using id-ecPublicKey as the Public Key Algorithm?

  2. I also found another certificate which is named https-cert.pem. This certificate is issued by my own Raspberry and contains a public key which is generated via RSA. My problem though is that the public key is only 2048 bits long. What is this certificate for?

  3. Also I would like to know why the validity of certificates is around 32 years and what happens if they run out?

I hope somebody could help me out here.

2

That’s for accessing the GUI over HTTPS.

3

Ah, thank you for the quick answer!

4
  1. It can be either. We moved to ECDSA not that long ago, and I personally would prefer ECDSA going forward. Feel free to file a pull request updating the docs.
  2. I don’t really care, as I am probably dead by then, and syncthing will run on quantum computers.
5

I don’t really care, as I am probably dead by then, and syncthing will run on quantum computers.

Or you will live inside of a quantum computer ;).

6

Feel free to file a pull request updating the docs.

How do I file a pull request?

7

The easiest way is to go to the site you want to modify on docs.syncthing.net. Then on the top right there is a button “Edit on Github”. This leads you to the corresponding file in the repo. On the top right of the content frame there is a pen symbol. Click it, edit the file to taste and follow the instructions to get the PR out.

8

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.