Live Chat
Same Certs
Cheapest Price Seal
Less Price

Server Name Indication (SNI): Get Rid of Multiple IPs Dilemma

Server Name Indication - SNI
Previously, every website required dedicated IP address to install an SSL certificate. However, the limitation of the number of IP addresses has triggered a requirement of SNI (Server Name Indication), which is a TLS protocol extension.

Requirement of SNI:

During the handshake, the browser asks for a digital certificate and the server has to send back the right certificate. If the name on the certificate is not matched with the desired webpage that the browser wished for, then it will show a warning message of failed connection. This dilemma leads to a perfect solution and helps the browser and the client to establish a successful connection.

How SNI Works:

Browsers that hold SNI will instantly communicate the website name that the visitor wants to connect in the beginning of the secured connection, as a result, the server easily knows and sends back the desired certificate. Even a visitor of the website will not be able to notice any difference in website loading time. Running multiple SSL certificates on a single IP address was quite difficult before few days, but Server Name Indication (SNI) has solved this problem. SNI is not a common practice because old browsers and OS do not support it. SNI also reduces the warning message arise out of failed connection with the website. A failed connection could also indicate man-in-the-middle attack.

Works on Different Scenario:

SNI technology has also resolved below scenarios while fixing SSL on website.

Multiple SSL on single IP Address:

With the help of SNI, you can also host multiple SSL on single IP address, strange but it is true. It means you have a www.domain.com, which you can use on multiple servers with the use of a private key. It also saves money and provides relief from buying multiple IP addresses for HTTPS websites.

Single SSL on multiple servers.

At the time of requesting a certificate, you have to generate private key on single server and then you have to paste it on others. You do not need to secure every server with different SSL certificate, so it will reduce certificate administration cost.

Browsers Support SNI:

Most renowned web browsers support SNI extension, including:

  • Internet Explorer 7+ on Windows Vista or newer.
  • Mozilla Firefox 2.0+
  • Opera 8.0+ (the TLS 1.1 protocol is required)
  • Opera Mobile, (10.1 beta version on Android)
  • Google Chrome (Windows Vista or newer, Windows XP requires Chrome 6 or higher, OS X 10.5.7 or newer requires Chrome 5.0.342.1 or higher)
  • Konqueror/KDE 4.7+
  • Mobile Safari for Apple iOS 4.0 or newer
  • Android standard browser on Honeycomb (v3.x) or higher
  • Windows Phone 7
  • MicroB on Maemo

Server Support SNI:

Many servers support SNI mentioned in below list:

  • Apache 2.2.12+, must use mod_ssl
  • Apache Traffic Server 3.2.0+
  • Cherokee (TLS support required)
  • All versions of lighttpd 1.4.x and 1.5.x with patch, or 1.4.24+ without patch
  • Nginx (required OpenSSL along with SNI support)
  • F5 Networks Local Traffic Manager, version 11.1+
  • G-WAN Web app. Server (required OpenSSL along with SNI support)
  • LiteSpeed 4.1+
  • Pound 2.6+
  • Apache Tomcat on Java 7+
  • Microsoft Internet Information Server IIS 8
  • Saetta Web Server via OpenSSL
  • Citrix NetScaler 9.2+
  • HAProxy 1.5+

Conclusion:

SNI helps to get the rid from difficulty in sending the required domain name to the browser amid multiple domain names. Long ago, organization has to pay for an extra amount for IP address, but with SNI, a single IP address can host multiple SSL certificates with no extra payment of cost. The only condition is, your hosting provider should support an SNI technology.

Cheap SSL Shop
4.8/5 overall satisfaction rating

Based on 2981 ratings from actual customers

Customer Reviews
"Not a new customer just a new account due to a name change. Love your prices and service. Thanks for everything! Jimmy - Prestacarts Global Commerce"
Jimmy Ray Warren J / TX, United States
"I have to say your tech "Mike" went out of his way to help me setup the CSR for our SSL. I am not a techie, and Mike was extremely helpful and patient with me. You need to hire more support personnel like Mike! Great job Mike!! Thank you for all your help!! Jana"
Jana K
"Been using you guys for several years. Clean built website with a great UI/UX that lets me get to what I need to buy quickly. I couldn't ask for more. Thanks!"
Devin N
5 Star
80%
4 Star
13%
3 Star
3%
2 Star
2%
1 Star
2%