25th Anniversary Savings | 25% Off Dedicated Servers*Shop Now
25th Anniversary Savings | 25% Off VPS Hosting* †††Shop Now
Dedicated Hosting Deals | From $99/moShop Now
Earn hosting credits and a chance to win an Amazon gift card when you refer friends to Liquid Web!Read our promo rules

What is the Server Name Indication (SNI) Protocol?

Posted on by dpepper
Category: Technical Support | Tags: SNI
Reading Time: 2 minutes

The Server Name Indication protocol (SNI) allows a web server such as Apache to determine the domain name for which a particular secure incoming connection is intended outside of the page request itself.

While that may not sound like much, its impact is quite significant.

What SNI Means for You

Prior to SNI, a website needed to have a dedicated IP address in order to have an SSL certificate installed. Now, however, multiple sites sharing a single IP all can have their own SSL certificates.

A modern web server is able to serve multiple domains from a single IP address because it uses a virtual host to map each domain name to an associated document root. That process doesn’t work for secure requests, though, because the secure connection is negotiated prior to any headers being sent.

As such, the server only can present the SSL certificate that is installed on the IP address targeted by the inbound connection, so each domain name making use of secure connections must have its own dedicated IP address.

SNI changes this by allowing virtual hosts to be used for HTTPS requests as well. It does so by extending the Transport Layer Security (TLS) protocol to include the domain name as part of the process of negotiating a secure connection. Since SNI allows the web server to know the specific domain for which an incoming connection is intended, it can present the SSL certificate associated with that domain and complete the secure connection.

Does Your Server Support SNI?

It’s important to note that all modern browsers on currently supported operating systems now support SNI (anything running on Windows XP does not, nor do smartphones running an operating system older than about five years). Whether your cPanel server also supports the protocol depends on a few key factors:

  • The server’s operating system must be CentOS 6 or higher.
  • The server’s cPanel version must be 11.38/40 or higher.
  • The version of Apache running on the server must be 2.2 or higher.

If your server meets all three of those criteria, it supports SNI and you can have multiple sites with SSL certificates on the same IP address. There is no setting to enable or disable, and no configuration files need to be adjusted for SNI to work; it does so automatically on any supported server.

Avatar for dpepper

About the Author: dpepper

Latest Articles

How to Install Adminer MySQL Database Management Tool on AlmaLinux

Read Article

What is CGI-Bin and What Does it Do?

Read Article

Top 10 Password Security Standards

Read Article

Top 10 Password Security Standards

Read Article

How to Use the WP Toolkit to Secure and Update WordPress

Read Article