SSL certificates and Server Name Indication (SNI) support

Posted: May 14th, 2018

 

What is SNI?

 

Server Name Indication (SNI) is an extension to the TLS computer networking protocol by which a client indicates which hostname it is attempting to connect to at the start of the handshaking process. This allows a server to present multiple certificates on the same IP address and TCP port number and hence allows multiple secure (HTTPS) websites (or any other service over TLS) to be served by the same IP address without requiring all those sites to use the same certificate. It is the conceptual equivalent to HTTP/1.1 name-based virtual hosting, but for HTTPS. The desired hostname is not encrypted, so an eavesdropper can see which site is being requested.

 

As noted above, Server Name Indication (SNI) is an extension to the Transport Layer Security (TLS) protocol that enables servers to use multiple SSL certificates on one IP address.

 

In practical terms, this means:

 

> As the number of available IPv4 addresses becomes smaller and smaller, the remaining addresses can be allocated more efficiently.

 

> In most cases, you can run an SSL-enabled site without having to purchase a dedicated IP address. For more information, please read the following section.

 

Do I need to purchase a dedicated IP address for my SSL certificate?

 

The answer to this question depends on two things: whether your hosting server supports SNI, and whether your site visitors use web browsers that support SNI.