CloudBlue Technical Support

Purpose of the article

This article is intended as the hub of questions and answers related to Server Name Indication (SNI) service on Linux Shared Hosting NG.

Question:

What is SNI?

Answer:

This feature is designed to replace SSL Proxy Server. With SNI enabled, it is possible to install SSL certificates on websites even with shared IP addresses. There is an additional information here:

https://en.wikipedia.org/wiki/Server_Name_Indication

In Operations Automation 5.5, Server Name Indication support has been added to Linux Shared NG hosting.

Question:

How to enable SNI on NG?

Answer:

SNI is enabled automatically once the following conditions are met:

• Webserver is running CloudLinux 6
• There is no SSL Proxy Server deployed on Operations Automation set.

Question:

How to verify whether SSL Proxy Server is deployed or not?

Answer:

Log in to OA Provider Control Panel and go to Infrastructure > Services to check a list of services.

Question:

How to decommission SSL Proxy Server in order to enable SNI on NG?

Answer:

Uninstall shared_ssl_config package from server which is marked as SSL Proxy Server.

Question:

How to verify whether SNI is enabled or not?

Answer:

1. In Customer Control Panel, go to the Websites tab and click a domain name with a shared IP address;
2. Click Web Hosting Settings and go to the SSL tab;
3. Check whether you can enable SSL for the domain.

Question:

Is it possible to to enable SSL per website (domain on webspace)?

Answer:

There is a Feature request POA-59492: "SSL and IP per website" for this case. Please contact your Technical Account Manager or Pooled Technical Associates Team (pta@odin.com) to trace the status of this request.

Question:

SNI is avalibale for IIS starting from IIS8. Is it possible to use this functional on Windows?

Answer:

There is a Feature request POA-90495: "SNI (server name indication) for IIS 8" for this case. Please contact your Technical Account Manager or Pooled Technical Associates Team (pta@odin.com) to trace the status of this request.

Question:

Customer created domain on NG web hosting based on shared IP address and created WWW dns record. It is expected that both domain.tld and www.domain.tld will use single SSL certificate. But it only works for domain.tld and does not work for www. Instead of customers domain certificate when you browse www.domain.tld - default certificate is loaded. Why?

Answer:

The issue has been fixed in OA 5.5 update 8, see https://kb.cloudblue.com/en/129924 for details.

Question:

During installation of SSL certificate for domain in CCP not exists any warnings that OSA allow use only single SSL certificate per webspace and if already was added certificate for other domain in that webspace it will be replaced. Why?

Answer:

The issue has been submitted to our Engineering team as Request POA-102098: "OSA should warn that can exists only one SSL certificate per webspace". Please contact your Technical Account Manager or Pooled Technical Associates Team (pta@odin.com) to trace the status of this request.

Main links to guides:

https://download.automation.odin.com/pa/6.0/doc/portal/6.0/oa/73398.htm

http://download.automation.odin.com/poa/5.5/doc/index.htm?fileName=73398.htm

Internal content