Hosting Multiple SSL Certificates on a Single IP Address Using SNI


It’s now possible to host multiple SSL certificates on a single IP address. This matters because IPv4 addresses are becoming scarce and prices are rising. Learn more about how SNI works in this post.

In a shared hosting environment, multiple users often need their own SSL certificates. Traditionally this was a problem, because each certificate required a dedicated IP address. IPv4 is officially exhausted, and dedicated IPs cost more money for both the customer and the host.

Furthermore, any request for new IP addresses must be justified to the regional internet registry (RIR). And soon SSL will no longer be a good reason. It’s 2016. We have SNI now.

A dedicated IP is no longer needed to have a secure site.

Introducing SNI

Server Name Indication (SNI) is an extension of the Transport Layer Security (TLS) protocol. TLS is the modern version of SSL.

Instead of tying the certificate to the IP address, SNI uses the virtual domain name. During the TLS ‘handshake’, the client indicates which hostname it is contacting on the server. The server then selects the correct virtual domain.

For site visitors, nothing has changed. The browser still shows the certificate that verifies HTTPS security. In fact, for hosting users, nothing has changed either. SNI is treated like SSL in most modern panels like cPanel or Plesk.

Limitations of SNI

Not all web servers and client browser programs support SNI. Browsers that do not support SNI are served the default SSL certificate for the server's IP address, and will likely fail, showing a certificate warning. The operating system can be another limitation – and a confusing one! For example, Windows XP with Internet Explorer does not support SNI, but XP with Firefox 2 or higher does.

However, anything not supporting SNI tends to be really old technology.

Minimum supported browsers (and OS combinations)

  • Internet Explorer 7 (Windows Vista or newer)
  • Mozilla Firefox 2
  • Opera 8
  • Google Chrome 1 (Windows Vista or newer)
  • Safari 3 (Mac OS X 10.5.6 / Windows Vista or newer)
  • MobileSafari (Apple iOS 4)
  • Default Browser on Android HoneyComb

Minimum supported web servers

  • Apache 2.2.12
  • Microsoft IIS 8
  • Nginx
  • Radware
  • Cherokee with TLS
  • Hiawatha 8.6
  • LiteSpeed 4.1
  • HAProxy 1.5
  • Ping Access 3
  • Lighttpd 1.4 with patch

Conclusion

SNI is a great feature, and helps make efficient use of IPv4. Hosting service providers can save IP inventory, and website owners save on the hosting bill. SNI is certainly a win-win situation.

As one of the first hosts to embrace SNI, EuroVPS has extensive knowledge in its setup. Let us secure your site today.