Server Name Indication (SNI) is a TLS extension that allows a server to serve multiple certificates at the same IP/port endpoint. A TLS server with SNI support, in this case the load balancer, is usually configured with multiple certificates. The client specifies a hostname at the start of the TLS handshake, allowing the server to present a certificate containing that hostname.
This additional TLS feature became necessary because the HTTP headers from which the server could ascertain the requested hostname are not yet available when the TLS handshake between client and server begins. Without SNI, other SSL/TLS certificate hostname approaches, such as wildcard hostnames or subject alternative names (SANs), require the certificate to be regenerated every time a new hostname is to be served.
SSL/TLS Termination with Server Name Indication (SNI) Support
Server-side SNI allows the simple addition of certificates for new hostnames to server configuration without affecting previously configured certificates and hostnames.
This can be configured under the SSL options of a Snapt Aria web server Load Balancer group or frontend.
Support for Server Name Indication (SNI) enabled backend servers
The Snapt Aria virtual Load Balancer can also proxy connections to SNI-enabled servers. Options for this are available under server settings for either a group or frontend.
SSL/TLS Health Checking to Server Name Indication (SNI) enabled backend servers
Not only can the Snapt Aria Load Balancer terminate SSL connections for multiple hostnames at the same IP/port using SNI and proxy to SNI-enabled backend servers, it also supports SNI-based TLS health checks to backend servers. This provides secure, hostname-based health checking over TLS: a check can target a particular hostname and its associated web services on a server that hosts multiple websites over multiple hostnames.
These settings are available under the server health check options for network load balancer groups or frontends.