SNI technology

The previous version of TLS which we used with all our servers didn’t recognize HTTPS requests that contained a domain name. It only worked correctly only if an IP address was “asked”. Thus, it was a requirement to have a dedicated IP for each domain that used a secured connection.

    Starting from the cPanel version 11.38 and higher, we are able to use SNI.

Server Name Indication (SNI) is an extension to the TLS protocol that indicates what hostname the client is attempting to connect.

This allows a server to present multiple certificates on the same IP address and port number and hence, allows multiple secure (HTTPS) websites (or any other service over TLS).

  However, unfortunately, there are a few issues that might appear:

SNI is incompatible with some old versions of web browsers.*

  • SNI does not work on Windows XP + any version Internet Explorer (6,7,8,9)
  • Internet Explorer 6 or earlier
  • Safari on Windows XP
  • BlackBerry Browser
  • Windows Mobile up to 6.5
  • Nokia Browser for Symbian at least on Series60
  • Opera Mobile for Symbian at least on Series60

The website will still be available via HTTPS, but a certificate mismatch error will appear.

Ways to resolve the issue: Use a different browser to access the website. Also, if the visitor agrees to use another certificate with an incompatible browser, the requested site will open up normally via HTTPS, but a different certificate will be used to establish a secured connection. On the contrary, all the visitors with incompatible browsers will see a warning message.

If you try to gain HTTPS access using a server IP address, issues might appear.

Using the IP address, the client will receive our "default" certificate which is set for each IP on the server (e.g., and reach the first site hosted on this IP, if an HTTPS request does not have the name of the site specified.

*The list of browsers that support SNI:

  • Internet Explorer 7 or later, on Windows Vista or higher
  • Mozilla Firefox 2.0 or later
  • Opera 8.0 (2005) or later (the TLS 1.1 protocol must be enabled)
  • Opera Mobile at least version 10.1 beta on Android
  • Google Chrome (Vista or higher, XP on Chrome 6 or newer, OS X 10.5.7 or higher on Chrome 5.0.342.1 or newer)
  • Safari 3.0 or later (Mac OS X 10.5.6 or higher and Windows Vista or higher)
  • Konqueror/KDE 4.7 or later
  • MobileSafari in Apple iOS 4.0 or later
  • Android default browser on Honeycomb (v3.x) or newer
  • Windows Phone 7
  • MicroB on Maemo
  • Odyssey on MorphO

96940 times

Need help? We're always here for you.