certName / usage scenario?

Hey all, I read about the certName option and have some question marks.

Does certName affects the internal generation of the cert.pem certificate?

Scenario: Installing a new instance with a pre deployed config.xml with


or is this option just for the cases where the cert file is “manually/off site” generated and placed? Thanks.

Yes. Its just for certificates generated by something else.

1 Like

Ok, thanks.

While evaluating the manual process in creating an equivalent cert.pem I noticed following:

I’m using

go run $(go env GOROOT)/src/crypto/tls/generate_cert.go --host=syncthing --ecdsa-curve=P384 --duration=$((20*24*365))h

for the custom cert.pem.

One difference to the syncthing cert.pem is, that syncthing adds KeyEncipherment to the KeyUsage list.


but following stanza cames from golangs lib:


// Only RSA subject keys should have the KeyEncipherment KeyUsage bits set. In
// the context of TLS this KeyUsage is particular to RSA key exchange and
// authentication.

Just want to mention it here for further assessment …

Is that causing issues?

We used to use RSA keys which is probably why it’s still there.

1 Like

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.