
What is SNI?

September 09, 2019

Standing for server name indication, SNI is a TLS protocol extension that allows a server to connect multiple SSL certificates to a single IP address.

Definition

Standing for server name indication (SNI), this extension to the TLS protocol allows a server to connect multiple SSL certificates to a single IP address.

Function

TLS connections require the client to request a digital certificate from the web server. The client then compares the target name to the name on the certificate; this is often referred to as the SSL or TLS “handshake.” This check is a useful safeguard against security breaches, but in practice, without SNI, it restricts HTTPS servers to serving only one domain per IP address, because TLS on its own does not permit name-based virtual hosting.

Name-based virtual hosting allows a web server to host multiple sites on a single IP address by using the Host header of the client’s HTTP request to select the appropriate site. HTTPS servers traditionally could not support virtual hosting because the TLS handshake occurs before the server can read the Host header.

SNI allows a web server to host multiple sites on a single IP address through an extension to this handshake. This extension enables a client to specify the requested domain in the initial TLS request, thereby allowing the server to select the appropriate SSL certificate to send back to the client for verification.

Supported browsers

Most popular web browsers and modern operating systems support SNI. Unsupported browsers will receive a default certificate and will often issue a certificate warning. Some notable exceptions include Internet Explorer 6 and earlier and Windows versions older than Vista.

Application

Name-based SSL with SNI is an extension to SSL that allows shared IPs to serve SSL-enabled websites efficiently. As such, a dedicated IP is no longer required for a site to use SSL. SSL certificates can be installed for the primary and all secondary domains in a SiteWorx account, even if they use the server's primary shared IP.

Installing the SSL certificates no longer requires extra workarounds or troubleshooting; simply installing the certificate through SiteWorx for the appropriate domain is sufficient.

Jason Dobry