SNI question/request


#1

My domain is: www.barnesbrinkcraft.co.uk
My hosting provider, if applicable, is: Webfaction
I can login to a root shell on my machine (yes or no, or I don’t know): No
I’m using a control panel to manage my site (no, or provide the name and version of the control panel): No

Is it possible to either:
Turn off or bypass SNI on the certificate
Or bypass the certificate for a specific url.

Thanks


#2

What do you mean? What’s your end goal?

Depending on what you mean, probably not. If the browser is requesting an HTTPS URL, then you have to provide a valid certificate, otherwise there will be an error. You can link or redirect people to non-HTTPS pages, but that’s about it.


#3

On code (system) level, you could turn off the SNI (by recompiling software, however it’s not possible on webfaction (since you don’t have sudo access)

Certificate could work in non-sni mode and SNI mode, the oh difference is how the certificate behave in some really old clients (which should be depreciated due to TLS1.0 being depreciated)

If you want to provide support for those older clients, the easiest way is to purchase one or more dedicated IP from your host.

In order for all websites you hosted to work without SNI, you need to allocate one IP address per TLS certificate.

Thank you


#4

If you’re using a shared web server plan from WebFaction you will need to purchase the Dedicated IP add-on to allow users to connect to your website without SNI. (e.g. users of Android 2.3 and earlier or Internet Explorer on Windows XP SP2 and earlier).

If you are on one of the cloud server plans, we would need to know what server you are using and how it is configured in order to help you allow users to connect without SNI.


#5

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.