Allow SNI for shared IP SSL certificates

Version 1.361

Finished Default: enable_ssl_sni=0 but if you want to allow ssl certificates to be added to shared IPs, set: enable_ssl_sni=1 Enabling sni will simply disable the check for owned IPs when adding certificates. DirectAdmin does not make any special changes to allow SNI to work. Also, if a User account has more than 1 IP in his user_ip.list file, the check for the main domain for SSL will be disabled. This is because he could have 2 IPs for ssl, both valid (either owned IPs or with sni enabled) thus there isn't much point in enforcing the main domain to be the only domain for ssl under a User account. Related apache document: Reported: CentOS 5 and Debian 5 come with verisons of OpenSSL that do not support SNI. Updating to a newer OS, like CentOS 6 would likely be required. As of May 2015, we're guessing about 95% of client browsers support SNI. However, this means that 5% of people who connect will get SSL errors. The 5% would be browsers that are very old, like IE with windows XP. Openssl version 0.9.8j should have the SNI compile flag enabled by default, but it's not guaranteed that it's actually enabled for your given libraries.

Interested to try DirectAdmin? Get a 30-day Free Trial!