How can I configure SNI (Server Name Indication) to set up shared IP SSL certificates?

What is SNI?

Server Name Indication (SNI) is an extension to the TLS computer networking protocol by which a client indicates which hostname it is attempting to connect to at the start of the handshaking process. This allows a server to present multiple certificates on the same IP address and TCP port number and hence allows multiple secure (HTTPS) websites (or any other Service over TLS) to be served off the same IP address without requiring all those sites to use the same certificate. It is the conceptual equivalent to HTTP/1.1 name-based virtual hosting, but for HTTPS.

So how can I set up SNI?

It's possible to install an SSL certificate on a shared IP address which is then shared among all websites using the same IP address.  If you would like to use a seperate SSL certificate per website you would need to enable SNI in Directadmin (http://directadmin.com/features.php?id=1100)

Important side note:
In some cases it's not activated right away, if this is happening please try the following:

echo "SSLStrictSNIVHostCheck off" >> /etc/httpd/conf/httpd.conf 
service httpd restart 
echo "enable_ssl_sni=1" >> /usr/local/directadmin/conf/directadmin.conf 
service directadmin restart

 

 

 

Hebt u meer vragen? Een aanvraag indienen

0 Opmerkingen

Artikel is gesloten voor opmerkingen.