diff --git a/common.js b/common.js
index 307d2ce7..d2c0c28b 100644
--- a/common.js
+++ b/common.js
@@ -106,7 +106,7 @@ module.exports.random = function (max) {
     return r;
 };
 
-// Split a comma seperated string, ignoring commas in quotes.
+// Split a comma separated string, ignoring commas in quotes.
 module.exports.quoteSplit = function (str) {
     var tmp = '', quote = 0, result = [];
     for (var i in str) { if (str[i] == '"') { quote = (quote + 1) % 2; } if ((str[i] == ',') && (quote == 0)) { tmp = tmp.trim(); result.push(tmp); tmp = ''; } else { tmp += str[i]; } }
diff --git a/docs/docs/meshcentral/config.md b/docs/docs/meshcentral/config.md
index ca696d19..ee1b2bbf 100644
--- a/docs/docs/meshcentral/config.md
+++ b/docs/docs/meshcentral/config.md
@@ -113,7 +113,7 @@ See description for information about each item.
         "agentSignLock": { "type": "boolean", "default": false, "description": "When code signing an agent using authenticode, lock the agent to only allow connection to this server. (This is in testing, the default value will change to true in the future)." },
         "agentTimeStampServer": { "type": [ "boolean", "string" ], "default": "http://timestamp.comodoca.com/authenticode", "description": "The time stamping server to use when code signing Windows executables. When set to false, the executables are not time stamped." },
         "agentTimeStampProxy": { "type": [ "boolean", "string" ], "description": "The HTTP proxy to use when contacting the time stamping server, if false, no proxy is used. By default, the npmproxy value is used." },
-        "ignoreAgentHashCheck": { "type": [ "boolean", "string" ], "default": false, "description": "When true, the agent no longer checked the TLS certificate of the server. This should be used for debugging only. You can also set this to a comma seperated list of IP addresses to ignore, for example: \"192.168.2.100,192.168.1.0/24\"." },
+        "ignoreAgentHashCheck": { "type": [ "boolean", "string" ], "default": false, "description": "When true, the agent no longer checked the TLS certificate of the server. This should be used for debugging only. You can also set this to a comma separated list of IP addresses to ignore, for example: \"192.168.2.100,192.168.1.0/24\"." },
         "exactPorts": { "type": "boolean", "default": false, "description": "When set to true, MeshCentral will only grab the required TCP listening ports or fail. It will not try to use the next available port of it's busy." },
         "allowLoginToken": { "type": "boolean", "default": false },
         "StrictTransportSecurity": { "type": ["boolean", "string"], "default": null, "description": "Controls the Strict-Transport-Security header, default is 1 year. Set to false to remove, true to force enable, or string to set a custom value. If set to null, MeshCentral will enable if a trusted certificate is set." },
diff --git a/meshctrl.js b/meshctrl.js
index 5f068888..1f2fd35c 100644
--- a/meshctrl.js
+++ b/meshctrl.js
@@ -398,7 +398,7 @@ if (args['_'].length == 0) {
                         console.log("  --group [groupname]    - Filter by group name (or --id).");
                         console.log("  --count                - Only return the device count.");
                         console.log("  --json                 - Show result as JSON.");
-                        console.log("  --csv                  - Show result as comma seperated values.");
+                        console.log("  --csv                  - Show result as comma separated values.");
                         console.log("  --filter \"[filter]\"  - Filter devices using a filter string.");
                         console.log("     \"x\"                  - Devices with \"x\" in the name.");
                         console.log("     \"user:x or u:x\"      - Devices with \"x\" in the name of currently logged in user.");
@@ -469,7 +469,7 @@ if (args['_'].length == 0) {
                         console.log("  --resetpass                 - Request password reset on next login.");
                         console.log("  --realname [name]           - Set the real name for this account.");
                         console.log("  --phone [number]            - Set the account phone number.");
-                        console.log("  --rights [none|full|a,b,c]  - Comma seperated list of server permissions. Possible values:");
+                        console.log("  --rights [none|full|a,b,c]  - Comma separated list of server permissions. Possible values:");
                         console.log("     manageusers,backup,restore,update,fileaccess,locked,nonewgroups,notools,usergroups,recordings,locksettings,allevents");
                         break;
                     }
@@ -486,7 +486,7 @@ if (args['_'].length == 0) {
                         console.log("  --resetpass                 - Request password reset on next login.");
                         console.log("  --realname [name]           - Set the real name for this account.");
                         console.log("  --phone [number]            - Set the account phone number.");
-                        console.log("  --rights [none|full|a,b,c]  - Comma seperated list of server permissions. Possible values:");
+                        console.log("  --rights [none|full|a,b,c]  - Comma separated list of server permissions. Possible values:");
                         console.log("     manageusers,backup,restore,update,fileaccess,locked,nonewgroups,notools,usergroups,recordings,locksettings,allevents");
                         break;
                     }
@@ -627,7 +627,7 @@ if (args['_'].length == 0) {
                         console.log("    16 = Terminal prompt for user consent.");
                         console.log("    32 = Files prompt for user consent.");
                         console.log("    64 = Desktop show connection toolbar.");
-                        console.log("  --invitecodes [aa,bb]  - Comma seperated list of invite codes, blank to clear.");
+                        console.log("  --invitecodes [aa,bb]  - Comma separated list of invite codes, blank to clear.");
                         console.log("    --backgroundonly     - When used with invitecodes, set agent to only install in background.");
                         console.log("    --interactiveonly    - When used with invitecodes, set agent to only run on demand.");
                         break;
@@ -745,7 +745,7 @@ if (args['_'].length == 0) {
                         console.log("\r\nRequired arguments:\r\n");
                         console.log("  --msg [message]        - Message to display.");
                         console.log("\r\nOptional arguments:\r\n");
-                        console.log("  --user [userid]        - Send the message to the speficied user.");
+                        console.log("  --user [userid]        - Send the message to the specified user.");
                         break;
                     }
                     case 'deviceinfo': {
diff --git a/public/commander.htm b/public/commander.htm
index 463fd609..854bf295 100644
--- a/public/commander.htm
+++ b/public/commander.htm
@@ -1061,7 +1061,7 @@ v={name:"extKeyUsage"};Q("d11_cu4").checked&&(v.serverAuth=!0);Q("d11_cu5").chec
 function GenerateKeyPairResponse4(b,c,a,d){200!=d?messagebox("Issue Certificate","Failed to generate key pair. Status: "+d):PullCertificates()}function certificateAdded(b,c,a,d){200!=d||0!=a.Body.ReturnValue?messagebox("Add Certificate","Unable to add certificate, error "+(200!=d?d:a.Body.ReturnValueStr)):PullCertificates()}function certificateRemoved(b,c,a,d){200!=d?messagebox("Remove Certificate","Unable to remove certificate, error "+d):PullCertificates()}
 function getInputElement(b){var c=document.getElementsByTagName("input");for(t=0;t<c.length;t++)if(c[t].id==b)return c[t]}function getSelectElement(b){var c=document.getElementsByTagName("select");for(t=0;t<c.length;t++)if(c[t].id==b)return c[t]}
 function showSetTlsSecurityDlg(b){if(!xxdialogMode){b="<div style=height:26px;margin-top:4px><select onchange=showSetTlsSecurityDlgUpdate() id=tlscert style=float:right;width:260px><option value=-1>No Certificate, TLS Disabled</option>";for(var c in xxCertificates)0==xxCertificates[c].TrustedRootCertficate&&xxCertificates[c].XPrivateKey&&(b+="<option value="+c+">"+xxCertificates[c].XSubject.CN+"</option>");b+="</select><div style=padding-top:4px>Certificate</div></div><div style=height:26px;margin-top:4px><select id=tlsremote style=float:right;width:260px onchange=showSetTlsSecurityDlgUpdate()><option value=0>Server-auth TLS only</option><option value=1>Server-auth, non-TLS allowed</option>";
-b+="<option value=2>Mutual-auth TLS only</option><option value=3>Mutual-auth, non-TLS allowed</option>";b+='</select><div style=padding-top:4px>Security</div></div><div style=height:26px id=d11rcn title="Comma seperated list of certificate common names that will be allowed to connect remotely."><input id=d11_rcn style=float:right;width:260px onkeyup=showSetTlsSecurityDlgUpdate() placeholder="name1, name2"><div style=padding-top:4px>Remote CN\'s</div></div>';setDialogMode(11,"TLS Settings",3,showSetTlsSecurityDlgOk,
+b+="<option value=2>Mutual-auth TLS only</option><option value=3>Mutual-auth, non-TLS allowed</option>";b+='</select><div style=padding-top:4px>Security</div></div><div style=height:26px id=d11rcn title="Comma separated list of certificate common names that will be allowed to connect remotely."><input id=d11_rcn style=float:right;width:260px onkeyup=showSetTlsSecurityDlgUpdate() placeholder="name1, name2"><div style=padding-top:4px>Remote CN\'s</div></div>';setDialogMode(11,"TLS Settings",3,showSetTlsSecurityDlgOk,
 b);if(0==xxTLSCredentialContext.length||0==xxTlsSettings[0].Enabled||0==xxTlsSettings[1].Enabled)getSelectElement("tlscert").value=-1;else for(c in b=xxTLSCredentialContext[0].ElementInContext.ReferenceParameters.SelectorSet.Selector.Value,xxCertificates)xxCertificates[c].InstanceID==b&&(getSelectElement("tlscert").value=c);c=1-("Intel(r) AMT LMS TLS Settings"==xxTlsSettings[0].InstanceID?0:1);getSelectElement("tlsremote").value=(1==xxTlsSettings[c].MutualAuthentication?2:0)+(1==xxTlsSettings[c].AcceptNonSecureConnections?
 1:0);xxTlsSettings[c].TrustedCN&&(Q("d11_rcn").value=MakeToArray(xxTlsSettings[c].TrustedCN).join(", "));showSetTlsSecurityDlgUpdate()}}function showSetTlsSecurityDlgUpdate(){var b=getSelectElement("tlscert").value;QE("tlsremote",-1!=b);QV("d11rcn",-1!=b&&1<getSelectElement("tlsremote").value);b=!0;1<getSelectElement("tlsremote").value&&!splitDomains(Q("d11_rcn").value)&&(b=!1);QE("c106",b)}var setTlsSecurityPendingCalls,setTlsSecurityDeleteCredentialContext;
 function showSetTlsSecurityDlgOk(){var b=getSelectElement("tlscert").value,c=getSelectElement("tlsremote").value,a=Clone(xxTlsSettings);setTlsSecurityPendingCalls=0;setTlsSecurityDeleteCredentialContext=null;if(-1!=b){if(0<xxTLSCredentialContext.length){var d=Clone(xxTLSCredentialContext[0]);d.ElementInContext.ReferenceParameters.SelectorSet.Selector.Value=xxCertificates[b].InstanceID;amtstack.Put("AMT_TLSCredentialContext",d,setTlsSecurityResponse,0,1)}else amtstack.Create("AMT_TLSCredentialContext",