Server Name Indication (SNI)

Server Name Indication is a protocol that helps match domains to SSL certificates. A modern web server can serve multiple domains from a single IP address because it uses a virtual host to match each domain name to the domain's files on your server. Without SNI, that process doesn’t work for secure requests like SSL connections.

Normally, a secure connection is established before any information about the site is sent. This would mean your server only has the IP address to help it look for the SSL certificate. If there were multiple domains on an IP address, Apache wouldn't know which certificate to look for. It's like looking for a book in a library but only knowing the author of the book: it's impossible to find the book you need without more information.

SNI solves this problem. When a browser requests a page, SNI adds the domain name to the request. This makes it easy for Apache to decide which SSL certificate to provide, even if there are multiple domains on one IP address. Before SNI, a website needed to have a dedicated IP address in order to have an SSL certificate installed. Now multiple sites sharing an IP can have individual SSL certificates.

All modern browsers on currently supported operating systems now support SNI (anything running on Windows XP does not, nor do smartphones running an operating system older than about five years). The majority of newer servers also support SNI.

Linux servers that support SNI:

  • The server’s operating system must be CentOS 6 or higher.
  • The version of Apache running on the server must be 2.2 or higher.
  • For cPanel servers, cPanel must be version 11.38/40 or higher.

If your server meets these criteria, it supports SNI and you can have multiple sites with SSL certificates on the same IP address. There is no setting to enable or disable and no configuration files need to be adjusted for SNI to work; it does so automatically on any supported server.
