What is the difference between SNI & IP based SSL?

Azure supports SNI & IP based SSL. What is the difference between the two?

IP based SSL associates a certificate with a domain name by mapping the dedicated public IP address of the server to the domain name. This requires each domain name (contoso.com, fabricam.com, etc.) associated with your service to have a dedicated IP address. This is the traditional method of associating SSL certificates with a web server.

SNI (Server Name Indication) based SSL is an extension to SSL and Transport Layer Security (TLS;  TLS is just the ‘proper’ name for modern day SSL) that allows multiple domains to share the same IP address, with separate security certificates for each domain. Most modern browsers (including Internet Explorer, Chrome, Firefox and Opera) support SNI, however older browsers may not support SNI. Server Name Indication was introduced in IIS 8.0

SNI certificates were introduced to get round the problem of the 1:1 mapping between sites and IP addresses.

Any time you have a website that you look up it's IP and when you type the IP directly in to the browser and you got a different website, you just encountered Shared Hosting, a extremely common practice. Multiple dynamic DNS addresses resolve to the same IP address



Comments