Questions tagged [sni]

Server Name Indication (SNI) is an extension of Transport Layer Security which allows multiple secure web sites, with separate certificates, to be hosted at the same IP address.

Server Name Indication addresses a common issue where websites with an SSL certificate had to live on separate IPs. This exacerbated the IPv4 shortage and defeated the purpose of virtual hosting, where multiple non-secured sites could share the same IP (note that websites sharing a common certificate can always share an IP).

SNI is based on IETF RFC 4366, which, as part of Transport Layer Security (TLS), allowed the hostname to be sent in the initial stages of the TLS handshake. This allowed websites with different certificates to be hosted on the same IP.

SNI is supported by all major browsers and all major web servers. It requires OpenSSL 0.9.8f or later.

Browser Support

  • Mozilla Firefox 2.0 or later
  • Opera 8.0 or later (with TLS 1.1 enabled)
  • Internet Explorer 7.0 or later (on Vista, not XP)
  • Google Chrome
  • Safari 3.2.1 on Mac OS X 10.5.6

Server Support

  • Apache v2.2.12 or later
  • Nginx 0.5.32 or later
  • IIS 8.0 or later

191 questions
0 votes, 1 answer

How to prevent other Apache 2.2 multiple VirtualHosts domains from accessing https (SSL_ERROR_BAD_CERT_DOMAIN) using SNI?

I am running Apache 2.2 on Ubuntu 14.04.4 LTS on a Linode server. I have multiple domains hosted on this machine (with only 1 IP address). I have a domain tbw.com hosted here for which I have an SSL certificate, and for which I want all…
siliconpi
0 votes, 1 answer

Apache configuration using SNI and mix of SSL certs

Up to this point I've been using SNI in my ssl.conf file with Apache 2.2.31. I'm serving up different sites all in the same document root. For example: NameVirtualHost *:443 DocumentRoot "/var/www/html" ServerName…
Tom
0 votes, 3 answers

How to disable unconfigured HTTPS domains in apache2.4?

I want the server to respond to https://abc.def.com, but not to https://def.com, while still serving http://def.com when both domains point to the same IP address. I currently have a configuration something like that: Listen…
David
0 votes, 0 answers

HTTPS requests to an SNI hosted site not loading non-ssl resources

I've got a site we just moved to SSL using SNI and have some odd behavior going on. If you make a browser request VIA HTTPS - the browser will not load all the resources, external fonts, css and js that are not explicitly linked via HTTPS. I can…
Sean Kimball
0 votes, 1 answer

How to enable SNI with Apache in Redhat 5.11

I am on redhat 5.11. I want to enable SNI with apache, but I only have Apache/2.2.3 + OpenSSL 0.9.8e-fips-rhel5. I am in a very similar situation like this https://access.redhat.com/discussions/1320983 Based on this,…
kenpeter
0 votes, 3 answers

Server setup for SSL for sending and receiving emails?

I managed to setup one physical server using postfix, dovecot with mysql server. I do plan to use virtual domains and users. Current setup to send and receive emails. SENDING smtp.example.com RECEIVING pop.example.com Now the question, will a…
Louie Miranda
0 votes, 1 answer

Dedicated server issues with SSL and IPs, content showing on wrong site

We have a number of sites on this dedicated server. Pages from one site are showing up on another site. Example: clientsite1.com (right site, no SSL installed) clientsite2.com (forwards to SSL, shows right site) clientsite1.com (no SSL installed,…
K. W.
0 votes, 0 answers

How to configure HAProxy to use SNI for SSL enabled backends?

I have several backend web servers that have multiple vhosts and I want to use HAProxy in front of them. It doesn't appear that HAProxy is sending the hostname in the TLS connection to the backend servers. Here is an example of the backend…
Brandon
0 votes, 0 answers

Server returning 404 for only Baiduspider

I recently updated my website to enforce HTTPS for all requests. Everything appears to be working well after this change but Baidu's web crawler (Baiduspider) is receiving a 404 for all requests. The website is running as an Azure website in…
HBCondo
0 votes, 1 answer

Browser gets two different SSL certificates instead of one (IE only)

It seems the problem appears only for IE11 (Win) users, for other OS and browsers HTTPS connection works fine. IE11 firstly gets outdated SSL certificate warning You ignore warning, proceed anyway After you proceed IE shows different certificate…
Luke
0 votes, 3 answers

Strict SNI matching for Apache

I have multiple SSL vhosts and non-SSL vhosts served from a single server. If one of the non-ssl vhosts is accessed using "https", the first SSL directive is used. Is there some setting to make it so that only vhosts with explicitly matching server…
MirroredFate
0 votes, 1 answer

Understanding XP users accessing a UCC certificate on IIS8

I have a single IIS website which hosts 3 different websites all using the same UCC SSL certificate. (The code of my site examines the host header itself to decide which variation of the site to show). I fixed my most fatal mistake already for my…
Simon
0 votes, 2 answers

Apache SSL virtual host using SNI ignores ServerName

I would like to serve SNI-enabled clients that send the wrong host name a 400 Bad Request, but Apache always serves the default virtual host in this situation. I cannot add a default virtual host that sends the 400 Bad Request status, because…
0 votes, 1 answer

Nginx Vhosts with SSL

I have 3 domains running on an nginx server with SSL: domain.pw, domain.info, domain.mobi. I have SNI enabled, and am using a vhost for each site. The host records for the site are all like this: A Record: @ 1800 A Record: www
r3wt
0 votes, 1 answer

From suPHP to mod_php

I have a Centos6 64-bit server, Apache/2.2.15, PHP5.3.3, one IP and four name-based virtual hosts and SSL/SNI to provide https in addition to http. All those hosts are assigned to different linux users. I have root access to server and all those…
Timo Kähkönen