Server Name Indication enabled on all servers

A few weeks ago we enabled Server Name Indication (SNI) on all of our servers.

SNI allows you to use an SSL certificate for your secure site (https) without having to buy a dedicated IP address.

It works by having the browser send the hostname as part of the initial handshake so the webserver knows which certificate to use even if multiple certificates are used on the same IP address.

Note however that while SNI is supported by most modern browser some older browsers (notably all versions of Internet Explorer on Windows XP) don’t support it. If you choose to use SNI and someone visits your secure site with a browser that doesn’t support SNI they will receive our default certificate and their browser will display a certificate-mismatch warning.

This entry was posted in Server setup. Bookmark the permalink.

5 Responses to Server Name Indication enabled on all servers

  1. SAn says:

    Excelent! you are the best!

  2. NetSage says:

    Just wanted to say this was the reason I switched. While I also wanted better python support this made the decision really easy ;).

  3. Chris says:

    Does this work with all certificates, in particular Comodo PositiveSSL?

  4. Ivan says:

    It would be really cool if you support client certificates as well. I mean these with “SSLVerifyClient require”, for many of my clients it is the only reason why they still get dedicated servers.

Leave a Reply

Your email address will not be published. Required fields are marked *