Hosting Multiple SSL Certificates on a Single IP Address Using SNI

By Roy
January 8th, 2016
0 Comments
4min  read

It’s now possible to host multiple SSL certificates on a single IP address. Important, because IPv4 is becoming scarce, and prices are rising. Learn more about how SNI works in this post.

In a shared hosting environment, multiple users often need their own SSL certificates. However, this is a problem, because a dedicated IP address is required. IPv4 is officially exhausted, and dedicated IPs cost more money for both the customer and the host.

Furthermore, any request for new IP addresses must be justified to the regional internet registry (RIR). And soon SSL will no longer a good reason. It’s 2016. We have SNI now.

A dedicated IP is no longer needed to have a secure site.

Introducing SNI

Server Name Indication (SNI) is an extension of the Transport Layer Security (TLS) protocol. It’s the modern version of SSL.

Instead of security based on IP, SNI uses the virtual domain name. SNI dictates which hostname is being contacted on the server during the ‘handshake’. The server then selects the correct virtual domain. 

Simple Guide to Understanding SSL Certificates. In this article we explain, in an easily understandable manner, SSL protocol and SSL certificates. We’ll also discuss how SSL is established, types of certificates, and how to choose an SSL vendor.
Read More

For site visitors, nothing has changed. The browser still shows the certificate that verifies HTTPS security. In fact, for hosting users, nothing has changed either. SNI is treated like SSL in most modern panels like cPanel or Plesk.

Limitations of SNI

Not all web servers and client browser programs support SNI. Browsers that do not support SNI will look at the server (IP) default SSL, and likely fail, showing a certificate warning. Operating system can be another limitation – and a confusing one! For example, Windows XP with Internet Explorer does not support SNI, but XP with Firefox 2 or higher can.

However, anything not supporting SNI tends to be really old technology.

Minimum supported browsers (and OS combinations)

  • Internet Explorer 7 (Windows Vista or newer)

  • Mozilla Firefox 2

  • Opera 8
  • Google Chrome 1 (Windows Vista or newer)
  • Safari 3 (Mac OS X 10.5.6 / Windows Vista or newer)

  • MobileSafari (Apple iOS 4)
  • Default Browser on Android HoneyComb

Minimum supported web servers

  • Apache 2.2.12
  • Microsoft IIS 8

  • Nginx
  • Radware
  • Cherokee with TLS
6

  • Hiawatha 8.6
  • LiteSpeed 4.1
  • HAProxy 1.5

  • Ping Access 3
  • Lighttpd 1.4 with patch

Conclusion

SNI is a great feature, and helps make efficient use IPv4. Hosting service provider can save IP inventory, and website owners save  on the hosting bill. SNI is certainly a win-win situation.

As one of the first hosts to embrace SNI, EuroVPS has extensive knowledge in its setup. Let us secure your site today.

Roy
Veteran Linux/Windows support engineer @ EuroVPS since 2007. 

Can SSL Certificates actually Boost Your Conversion Rate?

Installing an SSL certificate on your website is cheap, easy, and is now officially a Google Ranking factor. But can it ...
Roy
17 Aug 2016   5min read   SSL Certificates

Ultimate Guide Understanding HTTP Status Codes – 300 Series

HTTP 300 status codes are reserved for redirects. Most redirects will be transparent to the end-user and are handled ent...
Roy
12 Dec 2019   10min read   300

The Ultimate Guide to Choosing a Managed Hosting Provider

Server problems can strike at all hours, catching you off-guard while you’re out walking the dog or catching some well-e...
Roy
26 Aug 2017   5min read   Managed Hosting