Hosting multiple SSL certificates on a single IP address with SNI

Overview

All of our hosting services support the Server Name Indication (SNI) extension to the Transport Layer Security protocol. This makes it possible for Apache to use authentic SSL certificates for sites hosted on shared IP addresses. SNI helps to efficiently use IPv4 resources and provides the following benefits:

  • You can run any number of SSL sites with independent certificates on a single IPv4 address.
  • You can install independent SSL certificates on each of your sites. Now, there is no need to order an additional hosting account. Each account can install an SSL certificate even if there is only one shared IP address on the whole server.

Supported Browsers

SSL support with SNI on shared IP addresses requires that the user's browser supports SNI. Most modern web browsers support it (e.g., IE 7 and above, Firefox, Opera, and Chrome). However, there are a few outlier exceptions:

  • SNI does not work on Windows XP + any version Internet Explorer (6,7,8,9)
  • Internet Explorer 6 or earlier
  • Safari on Windows XP
  • BlackBerry Browser
  • Windows Mobile up to 6.5
  • Nokia Browser for Symbian at least on Series60
  • Opera Mobile for Symbian at least on Series60

Most of these exceptions are found when the end-user is running software that is incredibly out of date. To learn more about SNI and client software that supports it, refer to http://en.wikipedia.org/wiki/Server_Name_Indication.

Was this answer helpful? 8 Users Found This Useful (8 Votes)