Should i have SNI when my websites are on different ports in the same ip address?
In trying to understand how all of this works so excuse me if my questions sound kinda obvious or i misunderstand some things.
Let me set up a scenario:
I have a server that has 2 web sites hosted, it runs on Windows server 2019 with IIS 10. For each website, there's 2 parts: A frontend made with Angular, and a data API made with .net 7, with TLS 1.2.
All sites are pointing at the same ip address (1.22.33.44) but with different ports, for example:
www.example1.com => https://1.22.33.44:44374
www.example1DataAPI.com => https://1.22.33.44:44375
Each site has its own SSL certificate, so we need 2 for each full website.
When you go into IIS to edit the bindings of a site there's a check under the host name that says "Require Server Name Indication":
This server doesn't have a "Main" site, in the future there will be atleast 5 more websites made with the same structure as the example above.
My questions are:
- Should i leave the "Require Server Name Indication" box checked or unchecked for all the sites in my example?
- If not, then in what scenario would it be mandatory to have it checked?
- I read that you would have to use it if you have for example 2 sites on a server that point at the same ip address and port. Can someone confirm me if that's correct please?
According to https://www.cloudflare.com/learning/ssl/what-is-sni/ and https://knowledge.digicert.com/quovadis/ssl-certificates/ssl-general-topics/what-is-sni-server-name-indication ,all three of your problems will be solved after understanding the role of SNI and how it works.
SNI allows the server to safely host multiple SSL Certificates for multiple sites, all under the same IP address and same port. When different websites use different ports, the server can determine which SSL certificates should be used based on the port directly.
Above all, in your example, It doesn't need the SNI. You should use it when multiple sites under the same IP address and port just like the example you gave.
- Python/Flask Login form throws 500 error on IIS
- Unable to launch IIS Express Web Server - Failed to Register URL - Cannot create a file when that file already exists | VS Community 2017
- IIS not able to locate the web.config
- How to run both Microsoft IIS and WAMP on the same PC via localhost
- How to fix 500.30 - ASP.NET CORE app failed to start
- Issue with redirection in IIS?
- Web.Config rewrite rule for Angular application to handle invalid files/directories
- The source was not found, but some or all event logs could not be searched. Inaccessible logs: Security
- Deploy Angular 17 with SSR on IIS Server
- Powershell script to get IIS app pool recycling time from servers
- asp.net core app deployed on iis meets 500 internal server error
- Access to the path 'c:\inetpub\wwwroot\myapp\App_Data' is denied
- Web Deployment React - 404 Error on API Calls
- Why is index.html returned by Asp net Core for requests of my Angular Spa dist files?
- php_oci8.dll - Unable to load dynamic library
- w3wp.exe high memory usage yet low managed memory usage?
- The Module DLL C:\WINDOWS\system32\inetsrv\aspnetcore.dll failed to load. The data is the error. When running my local website
- IIS URL Rewrite: Match URL with and without Slash
- unable to launch iis express web server port 80 is in use
- What is Kestrel (vs IIS / Express)?
- App deployed on IIS not connecting to local db
- The breakpoint will not currently be hit - No executable code is associated with this line
- Cannot connect to localhost over SSL after Windows 11 Upgrade
- A default document is not configured for the requested URL, and directory browsing is not enabled on the server
- Why am I getting Server Error in '/' Application in IIS?
- Register .NET 4.5 IIS 10 Windows 10
- Bootstrap Bundle File Does Not Go Automatically After Publish
- Clean my MachineKeys folder by removing multiple RSA files without touching IIS ones
- How can I redirect a Flutter web application to https?
- Publishing web api with swagger on IIS