SNI ( Server Name Indicator ), SSL support in cPanel
Discussion on SNI, SSL, HTTPS, IP address, etc and
Poll : Do you want to see/have full/more support of SNI, SSL in CPanel ?
* Yes
* Yes, More Options
* No
Does cPanel supports SNI ( Server Name Indicator ) ( its a TLS extension, mod_gnutls ) ?
SNI allows a hosting server to use/share only 1 IP address to host hundreds of virtual hosts each with its own SSL certificates.
Usually SSL implementation (like, for delivering content through HTTPS Secured Web Pages) is done for each virtual host by binding it with one dedicated/unique IP address.
Improvement of this feature will help us to provide & implement SSL certificate for each virtual host, by using only 1 shared IP address, is a great way to reduce the need of extra IPs, thus saving the cost of dedicated IP, and by also improving the overall whole package.
How much SNI support does cPanel currently have ?
Below are some related links :
SSL-enabled Name-based Apache Virtual Hosts with mod_gnutls :
http://www.g-loaded.eu/2007/08/10/ss...th-mod_gnutls/.
How to use SNI : http://fedoranews.org/cms/node/2875.
How To Enable Multiple HTTPS Sites For One IP On Debian Etch Using TLS
Extensions : http://howtoforge.com/enable-multipl...on-debian-etch.
Paul found a way to use mod_gnutls for implementing TLS SNI :http://journal.paul.querna.org/artic...ion/?postid=70.
TLS upgrade : http://corelands.com/blog/?postid=51.
mod_ssl : http://httpd.apache.org/docs/2.1/mod...html#sslengine.
mod_gnutls : http://www.outoforder.cc/projects/apache/mod_gnutls/ .
SNI (Server Name Indication) : RFC-3546 section 3.1 :
http://www.ietf.org/rfc/rfc3546.txt.
Anyone else have other links related with SNI implementation ?
Original thread: http://forums.cpanel.net/f145/case-46856-sni-server-name-indicator-ssl-support-cpanel-83661.html
I like this idea 
cPanel, WebHost Manager and WHM are registered trademarks of cPanel, L.L.C. for providing its computer software that facilitates the management and configuration of Internet web servers.
The original thread may have been closed, but i consider this topic still as relevant. as Ipv4s are getting less, prices are going up for them and as even IPv6 support isn´t possible in cPanel, this feature is a must-have (even plesk has this feature). In the thread you said, sni will be included when the end devices are ready - this was FIVE years ago!!
The original thread may have been closed, but i consider this topic still as relevant. as Ipv4s are getting less, prices are going up for them and as even IPv6 support isn´t possible in cPanel, this feature is a must-have (even plesk has this feature). In the thread you said, sni will be included when the end devices are ready - this was FIVE years ago!!
You are right! It's a shame that we still have to wait to have this functionality. I use a server with CentOS makes more than a year and SNI works perfectly.It's hell getting new IPV4 addresses depending on the datacenter.I hope to be released early this year with CentOS 6 is maintained ...
You are right! It's a shame that we still have to wait to have this functionality. I use a server with CentOS makes more than a year and SNI works perfectly.It's hell getting new IPV4 addresses depending on the datacenter.I hope to be released early this year with CentOS 6 is maintained ...
We are currently working on an overhaul of our SSL Certificate functionality. These changes will bring improvements for management of "regular" SSL Certificates along with support for SNI and UCC certificates. We hope to have many of these changes available for cPanel & WHM 11.38.
We are currently working on an overhaul of our SSL Certificate functionality. These changes will bring improvements for management of "regular" SSL Certificates along with support for SNI and UCC certificates. We hope to have many of these changes available for cPanel & WHM 11.38.
@Kenneth
I know you can't make any promises or guarantees, though do you foresee SNI support being available in the first quarter of 2013 or the second/third/fourth?
We're currently with a provider who we use to virtualize a rather large portion of our services and they have a strict 1 IP per VM ruling so we're stuck and moving isn't an option. Without SNI, we have to bounce clients around when they require SSL and even then, we have to jump through loops to justify usage.
SNI support will be a very welcome addition. While I'm sure IPv6 is a priority as well, SNI is really needed now to solve these sort of issues in the interim.
@Kenneth
I know you can't make any promises or guarantees, though do you foresee SNI support being available in the first quarter of 2013 or the second/third/fourth?
We're currently with a provider who we use to virtualize a rather large portion of our services and they have a strict 1 IP per VM ruling so we're stuck and moving isn't an option. Without SNI, we have to bounce clients around when they require SSL and even then, we have to jump through loops to justify usage.
SNI support will be a very welcome addition. While I'm sure IPv6 is a priority as well, SNI is really needed now to solve these sort of issues in the interim.
for SNI is Q3/Q4 too late.
All other Platforms did support already and this should be implemented as fast as possible. There are almost no ipv4, and user want to use SSL without using an extra ip.
thanks
for SNI is Q3/Q4 too late.
All other Platforms did support already and this should be implemented as fast as possible. There are almost no ipv4, and user want to use SSL without using an extra ip.
thanks
I would say Q3/Q4 is too late as well.
The prices is getting insane for IPv4, and it sucks to tell a customer "hey your site can't be secure, because cpanel doesn't support SNI, and we can't get any more IPv4 addresses"
I would say Q3/Q4 is too late as well.
The prices is getting insane for IPv4, and it sucks to tell a customer "hey your site can't be secure, because cpanel doesn't support SNI, and we can't get any more IPv4 addresses"
The team working on Wildcard SSL and SNI finished sooner than expected. This work will appear in cPanel & WHM release 11.38. We expect to deliver 11.38 within the next couple months.
The team working on Wildcard SSL and SNI finished sooner than expected. This work will appear in cPanel & WHM release 11.38. We expect to deliver 11.38 within the next couple months.
What is the best workaround in 11.36? This has been around for some time and IP4 is very expensive - If you think about it, its crazy to have an IP for each SSL cert.
What is the best workaround in 11.36? This has been around for some time and IP4 is very expensive - If you think about it, its crazy to have an IP for each SSL cert.
It will be great to have this feature. I really want this feature. Our Portal need many SSL support for a shared IP.
Many Thanks
It will be great to have this feature. I really want this feature. Our Portal need many SSL support for a shared IP.
Many Thanks
is sni working in version 11.38.0.13?
is sni working in version 11.38.0.13?
Now you released 11.38 - where do we find this option?
Now you released 11.38 - where do we find this option?
Bluehost told me that they don`t support SNI because cpanel don`t support. What I should to tell to them?? Maybe they aren`t with the lastest version??
Bluehost told me that they don`t support SNI because cpanel don`t support. What I should to tell to them?? Maybe they aren`t with the lastest version??
We would like to let you know that SNI feature is not the best choice anyway.SNI is not supported on most of web servers since it is comparatively new feature. Moreover it is not supported by most of web clients, which means that browsers or other web interfaces on client's side will see SSL Certificate error.Also mobile devices (most of them) do not support it either.
So, this thing works or not???
We would like to let you know that SNI feature is not the best choice anyway.SNI is not supported on most of web servers since it is comparatively new feature. Moreover it is not supported by most of web clients, which means that browsers or other web interfaces on client's side will see SSL Certificate error.Also mobile devices (most of them) do not support it either.
So, this thing works or not???
As for browser support, please consult the nice chart on the SNI Wikipedia page (http://en.wikipedia.org/wiki/Server_Name_Indication#Support). Basically as long as the client is on an Operating System newer than Windows XP, SNI will be supported client side.
As for browser support, please consult the nice chart on the SNI Wikipedia page (http://en.wikipedia.org/wiki/Server_Name_Indication#Support). Basically as long as the client is on an Operating System newer than Windows XP, SNI will be supported client side.
Hi.. this is little different from topic , but still regarding ssl on cpanel
i opted for Multi domain ssl for my client, as was told cpnael supports multi domain ssl , i got all my domain ( in total 10 ) covered in multi domain.
when bluehost installed it , my main website in ssl was working fine and add ons when opened with https , was actually opening main website .. bluehost told me cpnael doesnt support it, while hostgator told me they support it and also a friend of mine was using it on hostgator.
Bluehost insisted they can not fix it... than i raised a ticket directly at cpnael.net and they told me
" Hello,
Thank you for contacting cPanel support!
From our understanding, Bluehost is currently using an older version of
CentOS, which is not compatible with SNI. SNI requires CentOS 6, RHEL 6,
or CloudLinux 6. Please see the following for more information:
http://features.cpanel.net/responses/sni-server-name-indicator-ssl-support-in-cpanel#comment-12952 "
so, real reason is the OS are outdated and they do not want to upgrade that and we paying for old piece of software ..
i am getting my client shifted to host gator or if someone has any suggestions about any other hosting supporting it .. please update.
Hi.. this is little different from topic , but still regarding ssl on cpanel
i opted for Multi domain ssl for my client, as was told cpnael supports multi domain ssl , i got all my domain ( in total 10 ) covered in multi domain.
when bluehost installed it , my main website in ssl was working fine and add ons when opened with https , was actually opening main website .. bluehost told me cpnael doesnt support it, while hostgator told me they support it and also a friend of mine was using it on hostgator.
Bluehost insisted they can not fix it... than i raised a ticket directly at cpnael.net and they told me
" Hello,
Thank you for contacting cPanel support!
From our understanding, Bluehost is currently using an older version of
CentOS, which is not compatible with SNI. SNI requires CentOS 6, RHEL 6,
or CloudLinux 6. Please see the following for more information:
http://features.cpanel.net/responses/sni-server-name-indicator-ssl-support-in-cpanel#comment-12952 "
so, real reason is the OS are outdated and they do not want to upgrade that and we paying for old piece of software ..
i am getting my client shifted to host gator or if someone has any suggestions about any other hosting supporting it .. please update.
Replies have been locked on this page!