SNI and https problems

Jheroen · Jan 23, 2016

Hi all,

Our servers are configured to let SNI work, we like to have different https certificates on our main server IP adress.
Problem: one domain has https, other domains who do not have a certificate but try to set https://domain etc getting a wrong certificate error in the browser, the certificate from the https customer does appear as certificate for other non https domains on the same IP.

We like to know if there is a clear guide which we can use to configure our servers the right way so we can:

use multiple certificates on one server IP
we don't have problems with wrong certificate names on non https domains
use the posibilities SNI gives us

We use CentOs 6.7 + and recent apache and php versions.

Who knows the answer?

Jheroen · Jan 23, 2016

I maybe found it but have a question, here: Manage SSL Hosts - Documentation - cPanel Documentation

In the part SNI for Mail Services there is a setting that mentions Is Web SNI Required?
For the domains that do have a certificate atm this should be enabled but it appears as disabled while on SNI enabled servers this should be active. Maybe the lack of using the right setting here is the couse of the ssl/non ssl problem.

Question: how do i enable Is Web SNI Required? on a Installed SSL Host? I can't edit any, any help would be welcome

Another setting i found:
Is Primary Website on IP Address? Says Yes on the installed host but imho it should be no here because it's just one of the domains on this server

So two options:

Is Primary Website on IP Address = Yes (should be no?)
Is Web SNI Required? = No (should be yes?)

cPanelMichael · Jan 25, 2016

Jheroen said:
We like to know if there is a clear guide which we can use to configure our servers the right way so we can:

use multiple certificates on one server IP

we don't have problems with wrong certificate names on non https domains

use the posibilities SNI gives us

Hello

This document in particular answers the question:

SSL FAQ and Troubleshooting - Documentation - cPanel Documentation.

Thank you.

Thread starter	Similar threads	Forum	Replies	Date
S	cPanel/Webmail/WHM disable SNI redirect	Domain Management	5	Feb 5, 2018
W	SOLVED Hostname provided via SNI and hostname provided via HTTP have no compatible SSL setup	Domain Management	2	Sep 25, 2017
O	Can I convert dedicated ssl ips to sni?	Domain Management	4	Sep 16, 2016
E	SNI & Parked Domains	Domain Management	4	Oct 18, 2013
M	SNI / addon domains	Domain Management	5	Aug 21, 2013

Search

Search

SNI and https problems

Jheroen

Member

Jheroen

Member

cPanelMichael

Administrator