Updated on 2022-01-25 GMT+08:00

SNI

Scenarios

If an application serves multiple domain names and each domain name uses a different certificate, you can enable SNI when adding an HTTPS listener. SNI (Server Name Indication) is an extension to TLS. It allows a server to present multiple certificates on the same IP address and TCP port, so multiple secure (HTTPS) websites (or any other service over TLS) can be served from the same IP address without all of them having to use the same certificate. Before SNI, one server could use only one certificate. With SNI, the client submits the domain name when it sends the SSL handshake request. After receiving the request, the load balancer looks up the certificate that matches the domain name and returns it to the client. If no certificate is found, the load balancer returns a default certificate.

Prerequisites

A certificate has been created. For details, see Creating a Certificate.

Specify the domain name for the SNI certificate. Only one domain name can be specified for each certificate.

Procedure

  1. Log in to the management console.
  2. In the upper left corner of the page, click and select the desired region and project.
  3. Click Service List. Under Network, click Elastic Load Balance.
  4. Locate the target load balancer and click its name.
  5. Click Listeners and locate the target listener. In the Basic Information area, click Configure on the right of SNI.
  6. Enable SNI and select the SNI certificate to be used.
  7. Click OK.