SSL and Shared IP Addresses
Plesk supports the Server Name Indication (SNI) extension to the Transport Layer Security protocol, which makes it possible to use authentic SSL certificates for sites hosted on shared IP addresses.
SNI helps to efficiently use IPv4 resources and provides the following benefits:
- Providers can run any number of SSL sites with independent certificates on a single IPv4 address.
- Hosting customers can install independent SSL certificates on each of their sites; therefore, there is no need to purchase another subscription. Each customer can install an SSL certificate even if there is only one shared IP address on the whole server.
The SSL support with SNI is possible only if the following requirements are met:
The operating system of your Plesk server supports SNI.
- Linux systems (see the full list in the release notes).
- Windows 2012.
Users' browsers support SNI.
Most modern web browsers, starting with IE 7, Firefox 2.0, Opera 8.0, and Chrome 1.0, support SNI, unless they are run on Windows XP. To learn more about SNI and the client software that supports it, refer to http://en.wikipedia.org/wiki/Server_Name_Indication.
If SNI is not supported and you (as the administrator) assign an SSL certificate to a site hosted on a shared IP address, Plesk will associate that certificate with all other sites hosted on this IP address. In the same case, hosting customers with shared IP addresses will not be able to assign SSL certificates to their sites: the page Websites & Domains > <domain_name> > SSL Certificates will be hidden in their Customer Panel.
For instructions on assigning SSL certificates to websites, refer to the section Securing Connections with SSL Certificates.
Turning On Support for SNI
By default, in clean Plesk installations (Linux and Windows), the support for SNI is turned on.
If you upgrade Plesk for Windows from version 11.0 or earlier, the support for SNI will be switched off. You can turn it on in Tools & Settings > Server Settings.
On Plesk for Linux, the support for SNI is always on and cannot be disabled.