Server Name Indication
We can configure a separate certificate label with Server Name Indication (SNI) support for IBM HTTP Server, based on the hostname requested by the client. The configuration can be done either by defining name-based SSL virtual hosts or by using the SSLSNIMap directive. We cannot use other handshake-related settings from a name-based virtual host with SNI.
Definitions for SNI
- Each virtual host with a matching address-spec, such as "*:443", forms a name-based virtual host group.
- The first listed virtual host in a name-based virtual host group is the default virtual host.
Forms of SNI
There are two forms of SNI:
Requirements for SNI
# SSLSNIMap form: a single virtual host maps requested hostnames to certificate labels
<virtualhost *:443>
  ServerName example.com
  SSLEnable SNI
  SSLServerCert default
  SSLSNIMap a.example.com sni1-rsa
  SSLSNIMap a.example.com sni1-ecc
  SSLSNIMap b.example.com sni2
</virtualhost>

# Name-based virtual host form: the first listed virtual host is the default for the *:443 group
<virtualhost *:443>
  ServerName example.com
  SSLEnable SNI
</virtualhost>
<virtualhost *:443>
  ServerName a.example.com
  SSLEnable
  SSLServerCert sni1
</virtualhost>
<virtualhost *:443>
  ServerName b.example.com
  ServerAlias other.example.com
  SSLEnable
  SSLServerCert sni2
</virtualhost>
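To review which certificate label a configuration like the ones above assigns to each requested hostname, and which hostnames fall through to the default virtual host, the following added example (not IBM code) parses the virtual host blocks and resolves a hostname to its labels. The function names are hypothetical, and the resolution order (SSLSNIMap on the default virtual host first, then an exact case-insensitive ServerName or ServerAlias match, then the default virtual host's label) is a simplified model assumed for this audit, not the server's documented algorithm.

```python
import re
# Constructed sample input: the SSLSNIMap configuration shown on this page.
SAMPLE_CONF = """\
<virtualhost *:443>
ServerName example.com
SSLEnable SNI
SSLServerCert default
SSLSNIMap a.example.com sni1-rsa
SSLSNIMap a.example.com sni1-ecc
SSLSNIMap b.example.com sni2
</virtualhost>
"""

def parse_vhosts(text):
    """Return the virtual hosts in file order, keeping only SNI-relevant directives."""
    vhosts, cur = [], None
    for line in (raw.strip() for raw in text.splitlines()):
        opened = re.match(r"<virtualhost\s+(.+?)\s*>$", line, re.I)
        if opened:
            cur = {"addr": opened.group(1), "names": [], "cert": None, "snimap": {}}
            vhosts.append(cur)
        elif line.lower() == "</virtualhost>":
            cur = None
        elif cur is not None and line and not line.startswith("#"):
            key, *args = line.split()
            if key.lower() in ("servername", "serveralias"):
                cur["names"] += [a.lower() for a in args]
            elif key.lower() == "sslservercert" and args:
                cur["cert"] = args[0]
            elif key.lower() == "sslsnimap" and len(args) == 2:
                cur["snimap"].setdefault(args[0].lower(), []).append(args[1])
    return vhosts

def labels_for(vhosts, addr, sni_host):
    """Certificate labels this model selects for sni_host in the addr group."""
    group = [v for v in vhosts if v["addr"] == addr]
    if not group:
        return []
    default, host = group[0], sni_host.lower()  # first listed = default virtual host
    if host in default["snimap"]:               # SSLSNIMap form
        return list(default["snimap"][host])
    for vhost in group:                         # name-based virtual host form
        if host in vhost["names"]:
            return [vhost["cert"]] if vhost["cert"] else []
    return [default["cert"]] if default["cert"] else []  # no match: default's label

if __name__ == "__main__":
    for name in ("a.example.com", "b.example.com", "other.example.com"):
        print(name, "->", labels_for(parse_vhosts(SAMPLE_CONF), "*:443", name))
```

An empty result means the selected virtual host sets no SSLServerCert label, which is worth checking by hand for any hostname that clients are expected to request.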