JOIN OUR AFFILIATE NETWORK

Join our affiliate network and become a local SSL expert

♦ learn more about our program ♦
Menu
picture of tbs certificates
picture of tbs certificates
Certificates
ALL CERTIFICATES
SSL Extended Validation SSL Standard RGS certificates eIDAS certificates SSL ECC SSL wildcard SSL Multiple sites / SAN Quick and Dirty SSL
Specific certificates
E-signature Strong authentication
Test certificates Trust Seals
SigniFlow: the platform to sign and request signature for your documents
Signature software
Our products range
TBS X509 DigiCert Thawte Sectigo GlobalSign GeoTrust Certigna ChamberSign SigniFlow
Partners
Client login Customer accounts Open an account
Support
FAQ SHA256: Browsers' compatibility ECC: Browsers' compatibility
Focus
Invoices dematerialization
We now provide solutions compliant with RGS** and eIDAS qualified standards for invoices signature and timestamping. Further information


Install several SSL certificates on a same machine / IP : TLS SNI

Can we configure several X509 / SSL certificates on a single server and a single IP number? The answer is yes thanks to SNI (Server Name Indication). This protocol is now recognized by most browsers. However, it can cause problems on old web browsers, in this case :

  • Your websites are subdomains of a main domain (*.domain.com)
    Use a Wildcard certificate

  • Your websites have miscellaneous names and you only have one IP address
    Use a Multiple Sites certificates (SSL SAN)

  • Your websites have miscellaneous names and you have several IP addresses
    Use one server certificate for each IP.

Warning: it is generally not possible to put more than one SSL certificate per IP address and port number pair (except with TLS SNI, see below). Indeed, the SSL negotiation takes place before sending the HTTP headers which allow to detect which server is requested (on servers which do multihosting with a single IP address).

TLS Server Name Indication (SNI)

The RFC 4366 has created a "server name indication" (SNI) extension that allows the client (the web browser) to specify which server it wants to connect to during the SSL connection, which will allow the server to present the correct certificate.

Browsers and servers have to implement this extention now.

Here is the mid-2011 situation:

  • Compatible browsers:
    • Internet Explorer 7+ (but IE under XP -no matter the version- does not work, and there are issues with other versions)
    • Firefox 2+
    • Opera 8+
    • Chrome
    • Safari 3.2.1+ under Mac OS X 10.5.6+
    • Safari under Vista or Seven
    • MobileSafari under iOS 4.0+
    • WindowsPhone 7
    • Android 3+
  • Compatible servers:
  •  Incompatible browsers:
    • Internet Explorer under XP
    • Safari under XP
    • Blackberry
    • Java 6
    • Android 2.3
    • Windows Mobile (works from version 7)
  •  Incompatibles servers:
    • Microsoft IIS before version 8

Examples of SNI implementation

Useful links