Can multiple SSL certificates be installed and configured on the same IP?

How can you run multiple SSL certificates on the same IP address? Server Name Indication (SNI) lets you run multiple SSL certificates on the same IP, so that virtually hosted websites can also use SSL certificates.

What is SNI?

Server Name Indication (SNI) is an important part of SSL. SNI allows multiple websites to exist on the same IP address. Without SNI, each hostname would need its own IP address in order to install an SSL certificate.

Why Name-Based Hosting Doesn't Handle SSL Well

In the old days of HTTP, it wasn't hard to host multiple websites on the same IP address using name-based hosting. When a client requests a particular website, it sends an HTTP header that includes the expected hostname. The server matches that header to the intended website and delivers the user there.

Sadly, this trick doesn't work with HTTPS, because SSL requires a handshake before an encrypted connection can be established between the client and server. The HTTP header containing the target hostname can only be read after the handshake is complete, which means that during the handshake the server doesn't know which website the client wants or which certificate to present.

What can SNI do?

Server Name Indication is an extension to the SSL/TLS protocol that allows multiple SSL certificates to be hosted on a single IP address. SNI does this by having the client include the expected hostname in the SSL handshake itself (in its first message, the ClientHello) instead of only in the HTTP header. Since the server can see the expected hostname during the handshake, it can present the matching certificate and connect the client to the requested website.

Before SNI, every HTTPS website had to have a unique IP address. This is undoubtedly expensive and has the unintended side effect of quickly consuming IPv4 addresses.

We know that the number of IP addresses is limited, and IPv4 assigns an address to each device participating in a computer network that communicates using the Internet Protocol. An IPv4 IP address looks like this:

There are only about 4 billion IPv4 IP addresses in the world, and all addresses will eventually be exhausted. Before SNI, consumption was much faster than it is now. The existence of SNI is undoubtedly extending the life of IPv4.

Eventually, the Internet will migrate to IPv6. There will be more than 340 billion IPv6 addresses available for human use.

What is the outlook for SNI?

The biggest disadvantage of SNI is its extensibility. Therefore, people were not optimistic about this technology at first. But such fears have proven largely unfounded.

According to Akamai, almost 98% of customers today require HTTPS-enabled websites to support SNI.


Origin blog.csdn.net/lavin1614/article/details/130708480