cPanel & WHM Version 98 has been released, and brings a slew of great updates. Take a look at what is included, and then upgrade today!
This object is in archive! 

SNI ( Server Name Indicator ), SSL support in cPanel

Nathan Lierbo shared this idea 8 years ago
Completed

Discussion on SNI, SSL, HTTPS, IP address, etc and

Poll : Do you want to see/have full/more support of SNI, SSL in CPanel ?

* Yes

* Yes, More Options

* No


Does cPanel supports SNI ( Server Name Indicator ) ( its a TLS extension, mod_gnutls ) ?


SNI allows a hosting server to use/share only 1 IP address to host hundreds of virtual hosts each with its own SSL certificates.


Usually SSL implementation (like, for delivering content through HTTPS Secured Web Pages) is done for each virtual host by binding it with one dedicated/unique IP address.


Improvement of this feature will help us to provide & implement SSL certificate for each virtual host, by using only 1 shared IP address, is a great way to reduce the need of extra IPs, thus saving the cost of dedicated IP, and by also improving the overall whole package.


How much SNI support does cPanel currently have ?


Below are some related links :

SSL-enabled Name-based Apache Virtual Hosts with mod_gnutls :

http://www.g-loaded.eu/2007/08/10/ss...th-mod_gnutls/.

How to use SNI : http://fedoranews.org/cms/node/2875.

How To Enable Multiple HTTPS Sites For One IP On Debian Etch Using TLS

Extensions : http://howtoforge.com/enable-multipl...on-debian-etch.

Paul found a way to use mod_gnutls for implementing TLS SNI :http://journal.paul.querna.org/artic...ion/?postid=70.

TLS upgrade : http://corelands.com/blog/?postid=51.

mod_ssl : http://httpd.apache.org/docs/2.1/mod...html#sslengine.

mod_gnutls : http://www.outoforder.cc/projects/apache/mod_gnutls/ .

SNI (Server Name Indication) : RFC-3546 section 3.1 :

http://www.ietf.org/rfc/rfc3546.txt.


Anyone else have other links related with SNI implementation ?


Original thread: http://forums.cpanel.net/f145/case-46856-sni-server-name-indicator-ssl-support-cpanel-83661.html

Replies (20)

photo
3

The original thread may have been closed, but i consider this topic still as relevant. as Ipv4s are getting less, prices are going up for them and as even IPv6 support isn´t possible in cPanel, this feature is a must-have (even plesk has this feature). In the thread you said, sni will be included when the end devices are ready - this was FIVE years ago!!

photo
2

greenery wrote:

The original thread may have been closed, but i consider this topic still as relevant. as Ipv4s are getting less, prices are going up for them and as even IPv6 support isn´t possible in cPanel, this feature is a must-have (even plesk has this feature). In the thread you said, sni will be included when the end devices are ready - this was FIVE years ago!!
greenery,


You are right! It's a shame that we still have to wait to have this functionality. I use a server with CentOS makes more than a year and SNI works perfectly.It's hell getting new IPV4 addresses depending on the datacenter.I hope to be released early this year with CentOS 6 is maintained ...

photo
2

We are currently working on an overhaul of our SSL Certificate functionality. These changes will bring improvements for management of "regular" SSL Certificates along with support for SNI and UCC certificates. We hope to have many of these changes available for cPanel & WHM 11.38.

photo
1

@Kenneth


I know you can't make any promises or guarantees, though do you foresee SNI support being available in the first quarter of 2013 or the second/third/fourth?


We're currently with a provider who we use to virtualize a rather large portion of our services and they have a strict 1 IP per VM ruling so we're stuck and moving isn't an option. Without SNI, we have to bounce clients around when they require SSL and even then, we have to jump through loops to justify usage.


SNI support will be a very welcome addition. While I'm sure IPv6 is a priority as well, SNI is really needed now to solve these sort of issues in the interim.

photo
1

Jonathan Tittle wrote:

@Kenneth


I know you can't make any promises or guarantees, though do you foresee SNI support being available in the first quarter of 2013 or the second/third/fourth?


We're currently with a provider who we use to virtualize a rather large portion of our services and they have a strict 1 IP per VM ruling so we're stuck and moving isn't an option. Without SNI, we have to bounce clients around when they require SSL and even then, we have to jump through loops to justify usage.


SNI support will be a very welcome addition. While I'm sure IPv6 is a priority as well, SNI is really needed now to solve these sort of issues in the interim.

Both improved Wildcard support and SNI should appear Q3/Q4. The other SSL improvements I mentioned should appear Q2/Q3.

photo
6

for SNI is Q3/Q4 too late.

All other Platforms did support already and this should be implemented as fast as possible. There are almost no ipv4, and user want to use SSL without using an extra ip.

thanks

photo
2

I would say Q3/Q4 is too late as well.


The prices is getting insane for IPv4, and it sucks to tell a customer "hey your site can't be secure, because cpanel doesn't support SNI, and we can't get any more IPv4 addresses"

photo
4

The team working on Wildcard SSL and SNI finished sooner than expected. This work will appear in cPanel & WHM release 11.38. We expect to deliver 11.38 within the next couple months.

photo
4

What is the best workaround in 11.36? This has been around for some time and IP4 is very expensive - If you think about it, its crazy to have an IP for each SSL cert.

photo
1

It will be great to have this feature. I really want this feature. Our Portal need many SSL support for a shared IP.


Many Thanks

photo
4

is sni working in version 11.38.0.13?

photo
1

Now you released 11.38 - where do we find this option?

photo
1

greenery wrote:

Now you released 11.38 - where do we find this option?
There is nothing to enable. As long as you are using cPanel & WHM version 11.38 on CentOS, RHEL, or CloudLinux version 6 or newer, SNI works out of the box.

photo
1

Bluehost told me that they don`t support SNI because cpanel don`t support. What I should to tell to them?? Maybe they aren`t with the lastest version??

photo
1

Diego Lopes wrote:

Bluehost told me that they don`t support SNI because cpanel don`t support. What I should to tell to them?? Maybe they aren`t with the lastest version??
At cpanel screen is telling that their version is 11.38.2, so it should to work no??

photo
1

Diego Lopes wrote:

At cpanel screen is telling that their version is 11.38.2, so it should to work no??
Hi, apparently bluehost is telling that cpanel have lyed when tell that can offer more than one SSL on the same IP. So, cpanel support SNI or not? If support what host work with the true cpanel? tks a lot!

photo
1

Diego Lopes wrote:

Hi, apparently bluehost is telling that cpanel have lyed when tell that can offer more than one SSL on the same IP. So, cpanel support SNI or not? If support what host work with the true cpanel? tks a lot!
Look what namecheap told me:


We would like to let you know that SNI feature is not the best choice anyway.SNI is not supported on most of web servers since it is comparatively new feature. Moreover it is not supported by most of web clients, which means that browsers or other web interfaces on client's side will see SSL Certificate error.Also mobile devices (most of them) do not support it either.


So, this thing works or not???

photo
1

Diego Lopes wrote:

Bluehost told me that they don`t support SNI because cpanel don`t support. What I should to tell to them?? Maybe they aren`t with the lastest version??
SNI is supported with cPanel & WHM version 11.38, when used on CentOS 6. The version of OpenSSL in CentOS 5 does not support SNI. CloudLinux and RHEL 6 are also sufficient.


As for browser support, please consult the nice chart on the SNI Wikipedia page (http://en.wikipedia.org/wiki/Server_Name_Indication#Support). Basically as long as the client is on an Operating System newer than Windows XP, SNI will be supported client side.

photo
2

Hi.. this is little different from topic , but still regarding ssl on cpanel


i opted for Multi domain ssl for my client, as was told cpnael supports multi domain ssl , i got all my domain ( in total 10 ) covered in multi domain.


when bluehost installed it , my main website in ssl was working fine and add ons when opened with https , was actually opening main website .. bluehost told me cpnael doesnt support it, while hostgator told me they support it and also a friend of mine was using it on hostgator.

Bluehost insisted they can not fix it... than i raised a ticket directly at cpnael.net and they told me

" Hello,


Thank you for contacting cPanel support!


From our understanding, Bluehost is currently using an older version of

CentOS, which is not compatible with SNI. SNI requires CentOS 6, RHEL 6,

or CloudLinux 6. Please see the following for more information:


http://features.cpanel.net/responses/sni-server-name-indicator-ssl-support-in-cpanel#comment-12952 "


so, real reason is the OS are outdated and they do not want to upgrade that and we paying for old piece of software ..

i am getting my client shifted to host gator or if someone has any suggestions about any other hosting supporting it .. please update.

photo
1

Finsu wrote:

Hi.. this is little different from topic , but still regarding ssl on cpanel


i opted for Multi domain ssl for my client, as was told cpnael supports multi domain ssl , i got all my domain ( in total 10 ) covered in multi domain.


when bluehost installed it , my main website in ssl was working fine and add ons when opened with https , was actually opening main website .. bluehost told me cpnael doesnt support it, while hostgator told me they support it and also a friend of mine was using it on hostgator.

Bluehost insisted they can not fix it... than i raised a ticket directly at cpnael.net and they told me

" Hello,


Thank you for contacting cPanel support!


From our understanding, Bluehost is currently using an older version of

CentOS, which is not compatible with SNI. SNI requires CentOS 6, RHEL 6,

or CloudLinux 6. Please see the following for more information:


http://features.cpanel.net/responses/sni-server-name-indicator-ssl-support-in-cpanel#comment-12952 "


so, real reason is the OS are outdated and they do not want to upgrade that and we paying for old piece of software ..

i am getting my client shifted to host gator or if someone has any suggestions about any other hosting supporting it .. please update.

Bluehost and Host Gator are owned by the same company, for what it's worth.

Replies have been locked on this page!