What is the Server Name Indication (SNI) Protocol?

Posted on by dpepper
Category: Technical Support | Tags: SNI
Reading Time: 2 minutes

The Server Name Indication protocol (SNI) allows a web server such as Apache to determine the domain name for which a particular secure incoming connection is intended outside of the page request itself.

While that may not sound like much, its impact is quite significant.

What SNI Means for You

Prior to SNI, a website needed to have a dedicated IP address in order to have an SSL certificate installed. Now, however, multiple sites sharing a single IP all can have their own SSL certificates.

A modern web server is able to serve multiple domains from a single IP address because it uses a virtual host to map each domain name to an associated document root. That process doesn’t work for secure requests, though, because the secure connection is negotiated prior to any headers being sent.

As such, the server only can present the SSL certificate that is installed on the IP address targeted by the inbound connection, so each domain name making use of secure connections must have its own dedicated IP address.

SNI changes this by allowing virtual hosts to be used for HTTPS requests as well. It does so by extending the Transport Layer Security (TLS) protocol to include the domain name as part of the process of negotiating a secure connection. Since SNI allows the web server to know the specific domain for which an incoming connection is intended, it can present the SSL certificate associated with that domain and complete the secure connection.

Does Your Server Support SNI?

It’s important to note that all modern browsers on currently supported operating systems now support SNI (anything running on Windows XP does not, nor do smartphones running an operating system older than about five years). Whether your cPanel server also supports the protocol depends on a few key factors:

  • The server’s operating system must be CentOS 6 or higher.
  • The server’s cPanel version must be 11.38/40 or higher.
  • The version of Apache running on the server must be 2.2 or higher.

If your server meets all three of those criteria, it supports SNI and you can have multiple sites with SSL certificates on the same IP address. There is no setting to enable or disable, and no configuration files need to be adjusted for SNI to work; it does so automatically on any supported server.
 

Avatar for dpepper

About the Author: dpepper

Refer a Friend
Get 33% off the first 3 months on a new VPS!
Categories
Have Some Questions?

Our Sales and Support teams are available 24 hours by phone or e-mail to assist.

1.800.580.4985
1.517.322.0434

Latest Articles

Tutorials

How to Configure Remote Desktop to Transfer Files

Read Article
Other

What is VMware Fusion?

Read Article
Common Fixes

Five Steps to Create a Robots.txt File for Your Website

Read Article
Products

Premium Business Email Pricing FAQ

Read Article
Security Bulletins

Microsoft Exchange Server Security Update

Read Article