Though it's rare these days, you may occasionally run across terms like SNI SSL and IP SSL, or websites talking about the differences between SNI SSL vs IP SSL. These terms harken back to the early days of SSL/TLS — back to a time when maps were kept in glove boxes and people’s phones were just phones.
Originally, there was only one kind of SSL certificate — organization validation (OV). At that point, the conventional wisdom was that only websites that transacted in sensitive information needed SSL. And, since most of those were run by legitimate businesses, organization validation was no problem. It was initially limited to the USA, too. Thawte was the first certificate authority (CA) to offer SSL certificates for internationalized domains.
But there was another, more technical reason that OV was originally the only game in town: IP addresses. To this day, OV certificates are the only SSL/TLS certificates that can secure IP addresses. Nowadays, that’s a selling point. Initially it was a hindrance because each website needed to have its own IP address. In shared hosting environments where multiple websites reside on the same IP address, SSL really wasn’t an option.
And, obviously, we couldn’t have that, so in 2003, server name indication (SNI) was introduced as an extension to TLS. Now, let’s take a quick detour into SSL vs TLS. Initially, secure sockets layer (SSL) was the protocol used to secure HTTP connections. But, as it happens with any new protocol, vulnerabilities were found quickly and its creators were forced back to the drawing board. SSL made it all the way to version 3.0 before it was replaced by TLS, or what’s known as transport layer security.
The key difference is the way the connections are made. SSL connects directly to port 443. TLS, on the other hand, starts with a hello via an insecure channel and moves to port 443 following a successful handshake. That’s kind of in-the-weeds for this article — however, the key takeaway is that TLS is a different protocol than SSL, though it serves the same function. But that subtle difference cleared the way for SNI.
And SNI cleared the way for the invention of domain and extended validation SSL certificates. That’s because with SNI, websites hosted on the same IP address can all have individual certificates. With SNI, the client can query the server by hostname and receive the correct certificate.
Now, SSL certificates no longer have to be bound to an IP address — they can be bound to a host name.
And that might be the best way to view IP SSL vs SNI SSL:
Browsers that are compatible with SNI (earliest version) include: