Pen and Server Name Indication

Server Name Indication (SNI) is a TLS extension that allows multiple virtual hosts, and multiple digital certificates, to coexist on the same IP address and port. It is among the features destined for Pen 0.27.4.

To enable SNI in Pen, all that is needed is this line in the configuration file:

ssl_sni_path /etc/pen/sni

Then add the private key, your certificate and the CA’s certificate to that directory, using this naming scheme:

[root@lb pen]# ls /etc/pen/sni
bilder.gullringe.se.ca bilder.gullringe.se.crt bilder.gullringe.se.key

Now any time a request comes in for bilder.gullringe.se, these files will be used for the negotiation.
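
The shell function below is an added example, not part of Pen or of the original post. It audits a directory that follows the naming scheme above, reporting hosts that lack one of the three files, private keys accessible to group or others, and (when openssl is installed) keys that do not match their certificate. The name pen_sni_check and the finding labels are made up for this example, and it assumes every host is expected to have all three files.

```shell
#!/bin/sh
# Added example: audit a Pen ssl_sni_path directory (host.key / host.crt / host.ca).
# Prints one line per finding; returns 0 when clean, 1 otherwise.
pen_sni_check() {
    dir=$1
    rc=0
    [ -d "$dir" ] || { echo "ERROR $dir: not a directory"; return 1; }
    # Collect every host name that has at least one of the three files.
    hosts=$(for f in "$dir"/*.key "$dir"/*.crt "$dir"/*.ca; do
                [ -e "$f" ] || continue          # an unmatched glob stays literal
                b=${f##*/}; echo "${b%.*}"       # strip directory and extension
            done | sort -u)
    for h in $hosts; do
        for ext in key crt ca; do
            if [ ! -s "$dir/$h.$ext" ]; then
                echo "MISSING $h.$ext"; rc=1
            fi
        done
        key="$dir/$h.key"; crt="$dir/$h.crt"
        [ -s "$key" ] || continue
        # The private key must not be accessible to group or others.
        mode=$(ls -ld "$key" | cut -c5-10)
        if [ "$mode" != "------" ]; then
            echo "PERMS $h.key is group/world accessible"; rc=1
        fi
        # If openssl is installed, confirm the key and certificate share a public key.
        if [ -s "$crt" ] && command -v openssl >/dev/null 2>&1; then
            # -passin pass: keeps openssl from prompting if the key is encrypted
            kp=$(openssl pkey -in "$key" -passin pass: -pubout 2>/dev/null) || kp=
            cp=$(openssl x509 -in "$crt" -noout -pubkey 2>/dev/null) || cp=
            if [ -z "$kp" ] || [ "$kp" != "$cp" ]; then
                echo "MISMATCH $h.key does not match $h.crt"; rc=1
            fi
        fi
    done
    return $rc
}
```

Run it as `pen_sni_check /etc/pen/sni` after adding or renewing a certificate; a non-zero return means at least one finding was printed.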

The downside is that a reasonably modern browser is required.

[Image: Qualys-SNI-A+]
