Search Engine: Elastic

Article ID: 129255, created on Aug 15, 2016, last review on Aug 22, 2017

  • Applies to:
  • Operations Automation 7.0
  • Operations Automation 6.0
  • Operations Automation 5.5

Purpose of the article

This article is intended as the hub of questions and answers related to Server Name Indication (SNI) service on Linux Shared Hosting NG.

Question:

What is SNI?

Answer:

This feature is designed to replace SSL Proxy Server. With SNI enabled, it is possible to install SSL certificates on websites even with shared IP addresses. There is an additional information here:

https://en.wikipedia.org/wiki/Server_Name_Indication

In Operations Automation 5.5, Server Name Indication support has been added to Linux Shared NG hosting.

Question:

How to enable SNI on NG?

Answer:

SNI is enabled automatically once the following conditions are met:

  • Webserver is running CloudLinux 6
  • There is no SSL Proxy Server deployed on Operations Automation set.

Question:

How to verify whether SSL Proxy Server is deployed or not?

Answer:

Log in to OA Provider Control Panel and go to Infrastructure > Services to check a list of services.

Question:

How to decommission SSL Proxy Server in order to enable SNI on NG?

Answer:

Uninstall shared_ssl_config package from server which is marked as SSL Proxy Server.

Question:

How to verify whether SNI is enabled or not?

Answer:

  1. In Customer Control Panel, go to the Websites tab and click a domain name with a shared IP address;
  2. Click Web Hosting Settings and go to the SSL tab;
  3. Check whether you can enable SSL for the domain.

Question:

Is it possible to to enable SSL per website (domain on webspace)?

Answer:

There is a Feature request POA-59492: "SSL and IP per website" for this case. Please contact your Technical Account Manager or Pooled Technical Associates Team (pta@odin.com) to trace the status of this request.

Question:

SNI is avalibale for IIS starting from IIS8. Is it possible to use this functional on Windows?

Answer:

There is a Feature request POA-90495: "SNI (server name indication) for IIS 8" for this case. Please contact your Technical Account Manager or Pooled Technical Associates Team (pta@odin.com) to trace the status of this request.

Question:

Customer created domain on NG web hosting based on shared IP address and created WWW dns record. It is expected that both domain.tld and www.domain.tld will use single SSL certificate. But it only works for domain.tld and does not work for www. Instead of customers domain certificate when you browse www.domain.tld - default certificate is loaded. Why?

Answer:

The issue has been fixed in OA 5.5 update 8, see https://kb.odin.com/en/129924 for details.

Question:

During installation of SSL certificate for domain in CCP not exists any warnings that OSA allow use only single SSL certificate per webspace and if already was added certificate for other domain in that webspace it will be replaced. Why?

Answer:

The issue has been submitted to our Engineering team as Request POA-102098: "OSA should warn that can exists only one SSL certificate per webspace". Please contact your Technical Account Manager or Pooled Technical Associates Team (pta@odin.com) to trace the status of this request.

Main links to guides:

https://download.automation.odin.com/pa/6.0/doc/portal/6.0/oa/73398.htm

http://download.automation.odin.com/poa/5.5/doc/index.htm?fileName=73398.htm

5356b422f65bdad1c3e9edca5d74a1ae caea8340e2d186a540518d08602aa065 e12cea1d47a3125d335d68e6d4e15e07 956c448bddc7e1f3585373687602379f 6f1456866eed87488c0f02b298a741c0 5b048d9bddf8048a00aba7e0bdadef37 2554725ed606193dd9bbce21365bed4e 0871c0b47b3b86ae3b1af4c2942cd0ce 1941880841f714e458ae4dc3d9f3062d

Email subscription for changes to this article
Save as PDF