Questions tagged [sni]

Server Name Indication (SNI) is an extension of Transport Layer Security which allows multiple secure web sites, with separate certificates, to be hosted at the same IP address.

Server Name Indication addresses a common issue where websites with an SSL certificate had to live on separate IPs. This exacerbated the IPv4 shortage and defeated the purpose of virtual hosting, where multiple non-secured sites could share the same IP (note that websites sharing a common certificate can always share an IP).

SNI is based on IETF RFC 4366, which, as part of Transport Layer Security (TLS), allowed the hostname to be sent in the initial stages of the TLS handshake. This allowed websites with different certificates to be hosted on the same IP.

SNI is supported by all major browsers and all major web servers. It requires OpenSSL 0.9.8f or later.

Browser Support

  • Mozilla Firefox 2.0 or later
  • Opera 8.0 or later (with TLS 1.1 enabled)
  • Internet Explorer 7.0 or later (on Vista, not XP)
  • Google Chrome
  • Safari 3.2.1 on Mac OS X 10.5.6

Server Support

  • Apache v2.2.12 or later
  • Nginx 0.5.32 or later
  • IIS 8.0 or later
191 questions
0 votes, 1 answer

What will happen if a client calls an Apache server by IP and there are two SNI virtual hosts

We have an Apache 2.4 web server with a couple of virtual hosts with different certificates. I have set up SNI name-based virtual hosts: ap.mmm.com and ac.mmm.com, and it's working great. All on the same IP (172.12.12.1) and the same port, 443. The question is:…
Uri Gorobets
0 votes, 1 answer

How to split VPN traffic from HTTPS traffic on the same port using HAProxy?

I have the following goal: running SoftEther VPN and web applications both on port 443. I want all traffic to come to HAProxy, which sends VPN to one container, and the rest to another container (traefik), which finally redistributes to respective…
BrandonSk
0 votes, 1 answer

HAProxy does not perform SNI lookup

HAProxy v.1.5.18, 1.7.11, listening on a single IP address with a wildcard SSL certificate, I need to specify several backends with SNI lookup. There's a ton of config-files that all say req_ssl_sni -i hostname.example.com as ACL to use when…
Vesper
0 votes, 1 answer

Apache SNI config to send handshake alert: unrecognized_name

I am trying to achieve what some years ago was a problem due to misconfigured servers that caused "handshake alert: unrecognized_name" when an SNI-enabled client (for Java 1.7 or bigger clients) would send during the handshake the Extension…
razvanspt
0 votes, 0 answers

Support virtualhost routing without SNI support in the client

We are trying to build a TCP proxy that can forward to multiple virtual hosts. The idea is that a single IP address can be used to route inbound requests to multiple internal IP addresses. The initial thought was to craft a TCP proxy in two parts, a…
Drew
0 votes, 2 answers

Apache Canonical Host with one SSL certificate for with www. and without

Using SNI, there are multiple domains with their own SSL certificates (LetsEncrypt) on one IP address. For one of the primary domains, let's just say https://thedomain.tld, visiting https://www.thedomain.tld results in a browser error (mis-matching…
0 votes, 3 answers

Dockerized Nginx + Certbot + tls-sni challenge not working on renewal

I have an existing service running using docker containers: nginx (nginx:1.13.5), node-api (node container), node-website (node container). I wanted to add SSL certificates for both api and website. So I've used certbot/certbot docker container to do…
maxwell2022
0 votes, 1 answer

SNI multiple SSL on different virtual hosts Apache 2.4.10 (Debian)

Is it possible to set up SSL for multiple domains on that Apache version? I have site A -> SSL certificate A, site B -> certificate B; then each file has a virtualhost like this, but it's not working: only site A has the certificate applied correctly, browser…
Sam Provides
0 votes, 1 answer

Can I configure IIS to listen to many, yet different cipher configurations of TLS?

I need to programmatically determine the TLS features of a client and underlying host based on JavaScript. What webserver instance (Apache, IIS, etc.) allows for different configurations of SSL ciphers to be loaded under different hostnames? In…
makerofthings7
0 votes, 1 answer

Redirect all nginx traffic to SSL except one single php

I have a PrestaShop site which is all in SSL. The problem I have is that the payment gateway return is unable to do it with SSL, so I have to create an exception on my nginx config to accept the callback URL with HTTP. Here is what I tried (with no…
0 votes, 1 answer

LetsEncrypt and other CA mixed in Apache2.2 "overlap"

Seems like I can't get another SSL certificate running on my machine. I work on an Apache 2.2 and we got a domain with an SSL certificate, signed by GlobalSign. Now I wanted to add another certificate (LetsEncrypt) for another domain on the same…
Drey
0 votes, 1 answer

SNI Apache SSL Certificate

For SNI Apache setup: Is it okay to use one security certificate for all virtual hosts with aliases to the URLs? And is there a difference between using one security certificate for all virtual hosts with aliases to the URLs and using a…
0 votes, 0 answers

Why can I access my IIS websites from internal LAN, but not externally when going over HTTPS?

I have an IIS 8.5 which hosts about 10 websites. I also have an EV-SSL certificate from GoDaddy and a "normal" SSL certificate signed by GoDaddy which I use for my sites. To get this working I had to set up SNI and force it to make sure the request of…
SimonS
0 votes, 0 answers

Apache httpd2.4 - VirtualHost and _default_ Configuration Hierarchy

I have httpd 2.4 on RHEL7 and am experimenting with SNI integration before applying it to the production environment. I experienced an interesting behavior. The server always serves the matched virtualhost content of www.example.org with the certificate specified…
Aesnak
0 votes, 1 answer

Nginx SNI and Letsencrypt on FreeBSD; Wrong certificate?

I have a VPS with 14 domains and I set up letsencrypt to automatically retrieve a separate certificate for each domain with all sub-domains included. So, I have 14 certs. Obviously, putting all domains in one cert is not an option because soon I'll…