Versions Compared

Old Version 4

changes.mady.by.user Matt L

Saved on

compared with

New Version 5

changes.mady.by.user Matt L

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Server Name Indication (SNI) is an extension to the TLS protocol the TLS networking protocol that provides the hostname that the client is connecting to. This allows a server to support and provide multiple different SSL certificates on the same IP address and port number and hence therefore allows multiple secure (HTTPS) websites (or any other service over TLS) without the need for individual dedicated IPs for each domain.

Previous version of TLS , which we had used with all our servers, didn’t recognize HTTPS requests that contained the domain name. It only worked correctly only if an IP address was “asked”provided. ThusBecause of this, it was a requirement to required that each domain have a dedicated IP for each domain that used a secured connectionaddress if they needed to use SSL. Now, with the  cPanel version 11.38 and higher, we are able to use SNI. SNI is available for use. Unfortunately there are a few issues that might still appear:

 

If you try to gain HTTPS access using a server IP address, issues might appearmay occur.

Using the server's default IP address, the client connecting browser will receive our the "default" certificate which is set for each IP on the server's hostname (e.g. serverX.hostname.com) and reach the first site hosted on this IP, if an HTTPS request does not have the name of the site specified.

...

If SNI works for you, we will install the SSL certificate without ordering the need for a dedicated IP address.   You can obtain a dedicated IP address with any account for $24.00/year. In case you would like to request one, please open a ticket here.

...

SNI is incompatible with some old versions of the web browsers. * SNI does not work on:

  • Windows XP + any version Internet Explorer (6,7,8,9)any version) or Safari
  • Internet Explorer 6 or earlierSafari on Windows XP
  • BlackBerry Browser
  • Windows Mobile up to version 6.5
  • Nokia Browser for Symbian at least on Series60
  • Opera Mobile for Symbian at least on Series60

Web site The websites will still be available via HTTPS, but a certificate mismatch error will appear.

 


Ways to resolve the issue: Use a different browser to access the web site. Also if the visitor agrees to use , the user can accept another certificate with an incompatible browser , and the requested site will open up normally via HTTPS, but a different certificate will be used to establish the secured connection. On the contrary, all the Please note that all visitors with incompatible browsers will see the warning message.

 

*The list of browsers that support SNI:

...