SNI Support for Binding Multiple Certificates to a CLB Instance
Last updated: 2019-10-18 11:50:37
What is SNI?
Server Name Indication (SNI) is an SSL/TLS extension, implemented by both the server and the client, that is designed to solve the problem that one server can use only one certificate. A server that supports SNI can be bound to multiple certificates. To use SNI, the client specifies the domain name it wants to connect to before the SSL/TLS connection to the server is established, and the server then returns the appropriate certificate based on that domain name.
The SNI feature for CLB is currently in beta test. If you want to use it, please submit a ticket for application.
A layer-7 HTTPS CLB listener supports SNI, i.e., binding multiple certificates, which can be used by different domain names in the listening rules.
The prerequisites for binding multiple certificates using SNI are as follows:
- You have already purchased an Application CLB instance.
- The certificates have been obtained.
Purchasing a CLB Instance
Creating an HTTPS Listener and Configuring SNI
To create an HTTPS listener, you first need to disable multi-domain name certificate sharing.
Multi-domain name certificate sharing means that multiple domain names on the server share one certificate, i.e., SNI is not enabled. Disabling it is equivalent to enabling SNI, so that different domain names can use different certificates.
When adding a forwarding rule to the listener, you can select different server certificates for different domain names.