diff --git a/certoperations.js b/certoperations.js
index dd441e50..80d3b394 100644
--- a/certoperations.js
+++ b/certoperations.js
@@ -1006,7 +1006,13 @@ module.exports.CertificateOperations = function (parent) {
 if (r.root == null) {
 // If the root certificate does not exist, create one
 console.log("Generating root certificate...");
- rootCertAndKey = obj.GenerateRootCertificate(true, 'MeshCentralRoot', null, null, strongCertificate);
+ if (typeof args.rootcertcommonname == 'string') {
+ // If a root certificate common name is specified, use it.
+ rootCertAndKey = obj.GenerateRootCertificate(false, args.rootcertcommonname, null, null, strongCertificate);
+ } else {
+ // A root certificate common name is not specified, use the default one.
+ rootCertAndKey = obj.GenerateRootCertificate(true, 'MeshCentralRoot', null, null, strongCertificate);
+ }
 rootCertificate = obj.pki.certificateToPem(rootCertAndKey.cert);
 rootPrivateKey = obj.pki.privateKeyToPem(rootCertAndKey.key);
 obj.fs.writeFileSync(parent.getConfigFilePath('root-cert-public.crt'), rootCertificate);
diff --git a/meshcentral-config-schema.json b/meshcentral-config-schema.json
index 655f788d..09153ca4 100644
--- a/meshcentral-config-schema.json
+++ b/meshcentral-config-schema.json
@@ -199,7 +199,7 @@
 "type": "object",
 "properties": {
 "mongoDumpPath": { "type": "string" },
- "mysqlDumpPath": { "type": "string"},
+ "mysqlDumpPath": { "type": "string" },
 "backupIntervalHours": { "type": "integer" },
 "keepLastDaysBackup": { "type": "integer" },
 "zipPassword": { "type": "string" },
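Review bot: The new branch in certoperations.js accepts any string for `args.rootcertcommonname`, so an empty or whitespace-only value passes the `typeof` check and is handed to `GenerateRootCertificate` as the root CA common name. Tightening the guard to `if ((typeof args.rootcertcommonname == 'string') && (args.rootcertcommonname.trim().length > 0) && (args.rootcertcommonname.length <= 64)) {` would reject those and keep the name within the 64-character common-name bound from RFC 5280; the schema hunk could state the same limits as `"minLength": 1, "maxLength": 64`. The custom path also passes `false` as the first argument where the default path passes `true`; if that flag is what appends the fingerprint suffix mentioned in the schema description (not visible here), a short comment such as `// No fingerprint suffix: the operator-supplied name is used verbatim.` would make the difference explicit. The enclosing function starts and ends outside the hunk.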
@@ -250,6 +250,7 @@
 }
 }
 },
+ "rootCertCommonName" : { "type": "string", "default": "MeshCentralRoot-XXXXXX", "description": "The common name of the MeshCentral server root certificate. By default it's 'MeshCentralRoot-' followed by the first 6 HEX digits of the public key fingerprint. For this setting to take effect, all generated certificates need to be deleted and reset. Existing agents will not be able to connect anymore." },
 "redirects": { "type": "object" },
 "maxInvalidLogin": {
 "type": "object",
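Review bot: The `"default": "MeshCentralRoot-XXXXXX"` on the added `rootCertCommonName` property is a placeholder, not a value the server would ever use, since the description says the real default ends in fingerprint digits. Any tooling that materialises schema defaults into the config would write that literal string, and, assuming this key maps to the `rootcertcommonname` argument checked in certoperations.js, it would then be treated as an operator-supplied name. Dropping `default` and leaving the explanation in `description` avoids that.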