diff --git a/docker-compose.yml b/docker-compose.yml
index eb28ec8e..13fb367b 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -157,7 +157,7 @@ services:
         - ALLOW_ADMIN_EMAIL_LOGIN=${ALLOW_ADMIN_EMAIL_LOGIN:-n}
         - MASTER=${MASTER:-y}
         - DEV_MODE=${DEV_MODE:-n}
-        - WEBAUTHN_RESPECT_ROOTCA=${WEBAUTHN_RESPECT_ROOTCA:-n}
+        - WEBAUTHN_ONLY_TRUSTED_VENDORS=${WEBAUTHN_ONLY_TRUSTED_VENDORS:-n}
       restart: always
       networks:
         mailcow-network:
diff --git a/generate_config.sh b/generate_config.sh
index 8664b790..dceca957 100755
--- a/generate_config.sh
+++ b/generate_config.sh
@@ -344,10 +344,10 @@ DOVECOT_MASTER_PASS=
 # https://mailcow.github.io/mailcow-dockerized-docs/debug-reset_tls/
 ACME_CONTACT=
 
-# Enable webauthn device manufacturer verification
-# After setting WEBAUTHN_RESPECT_ROOTCA=y only devices from trusted manufacturers are allowed
+# WebAuthn device manufacturer verification
+# After setting WEBAUTHN_ONLY_TRUSTED_VENDORS=y only devices from trusted manufacturers are allowed
 # root certificates can be placed for validation under mailcow-dockerized/data/web/inc/lib/WebAuthn/rootCertificates
-WEBAUTHN_RESPECT_ROOTCA=n
+WEBAUTHN_ONLY_TRUSTED_VENDORS=n
 
 EOF
 
diff --git a/update.sh b/update.sh
index 7565c9d7..2f03efff 100755
--- a/update.sh
+++ b/update.sh
@@ -307,7 +307,7 @@ CONFIG_ARRAY=(
   "ADDITIONAL_SERVER_NAMES"
   "ACME_CONTACT"
   "WATCHDOG_VERBOSE"
-  "WEBAUTHN_RESPECT_ROOTCA"
+  "WEBAUTHN_ONLY_TRUSTED_VENDORS"
 )
 
 sed -i --follow-symlinks '$a\' mailcow.conf
@@ -515,12 +515,12 @@ for option in ${CONFIG_ARRAY[@]}; do
       echo '# https://mailcow.github.io/mailcow-dockerized-docs/debug-reset-tls/' >> mailcow.conf
       echo 'ACME_CONTACT=' >> mailcow.conf
   fi
-  elif [[ ${option} == "WEBAUTHN_RESPECT_ROOTCA" ]]; then
+  elif [[ ${option} == "WEBAUTHN_ONLY_TRUSTED_VENDORS" ]]; then
     if ! grep -q ${option} mailcow.conf; then
-      echo "# Enable webauthn device manufacturer verification" >> mailcow.conf
-      echo '# After setting WEBAUTHN_RESPECT_ROOTCA=y only devices from trusted manufacturers are allowed' >> mailcow.conf
+      echo "# WebAuthn device manufacturer verification" >> mailcow.conf
+      echo '# After setting WEBAUTHN_ONLY_TRUSTED_VENDORS=y only devices from trusted manufacturers are allowed' >> mailcow.conf
       echo '# root certificates can be placed for validation under mailcow-dockerized/data/web/inc/lib/WebAuthn/rootCertificates' >> mailcow.conf
-      echo 'WEBAUTHN_RESPECT_ROOTCA=n' >> mailcow.conf
+      echo 'WEBAUTHN_ONLY_TRUSTED_VENDORS=n' >> mailcow.conf
     fi
 elif [[ ${option} == "WATCHDOG_VERBOSE" ]]; then
     if ! grep -q ${option} mailcow.conf; then