I see a lot of documentation on the https side - but I need to change the encryption overall. We are not allowed to use the “default” certificates. I think there is a flag to do this?
You just replace the files you mentioned.
Oh, and if the CN is not syncthing you need to configure the other side to expect whatever CN you have in your certificate, by way of the certName attribute on the remote device. (https://docs.syncthing.net/users/config.html#device-element)
Thanks, but if I replace them with new keys - will the device IDs change - as they are generated off the certificate with a hash?
Certainly, yes.
OK - is there a way to do this when syncthing starts - i.e. point to the certificate to be used when the config is created?
No, but if they are already present in the config directory Syncthing will use them instead of generating a new pair. So you can pre-create the directory and certificate+key, and on first startup Syncthing will generate the default config etc.
OK - so we need to fix the home directory prior to startup and copy the cert and use the -home option on startup
That should work, yes.
Thanks - not elegant - but functional
This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.