Category: All about SSL certificates
Server Name Indication is a recent extension of the TLS and SSL protocol that allows a browser to indicate at the beginning of the SSL connection which hostname the browser is connecting to. The main advantage of SNI is that it allows multiple SSL certificates to be associated with the same IP address of a web server, rather than having to provide a separate IP address for each SSL website.
The HTTP protocol has supported the concept of name-based virtual hosting since version 1.1. At the beginning of the connection to the web server, the browser specifies the hostname it wants to connect to, and this hostname is read from the host headers provided in the browser request. With an SSL connection, this is not possible by default, because the handshake of the SSL connection takes place before the browser request is decrypted and the web server can figure out which hostname is being requested.
Websites hosted on the same IP address must necessarily use the same SSL certificate, or have their own IP address, which is not appropriate with the current scarcity of IPv4 addresses.
So SNI solves this problem. SNI is an extension of the TLS protocol where the hostname is sent as "part" of the SSL/TLS handshake.
This allows the Web server to select the correct Web site and present the correct certificate to the browser.
Were not all your questions answered?
Don't worry, we will be happy to help you via a support request!
