SSL/TLS and Shared IP Addresses
Plesk supports the Server Name Indication (SNI) extension to the Transport Layer Security protocol, which makes it possible to use authentic SSL/TLS certificates for sites hosted on shared IP addresses.
SNI helps to efficiently use IPv4 resources and provides the following benefits:
- Providers can run any number of SSL/TLS sites with independent certificates on a single IPv4 address.
- Hosting customers can install independent SSL/TLS certificates on each of their sites; therefore, there is no need to purchase another subscription. Each customer can install an SSL/TLS certificate even if there is only one shared IP address on the whole server.
The SSL/TLS support with SNI is possible only if the following requirements are met:
The operating system of your Plesk server supports SNI.
- Linux systems (see the full list in the release notes).
- Windows 2012.
Users’ browsers support SNI.
Most modern web browsers, starting with IE 7, Firefox 2.0, Opera 8.0, and Chrome 1.0, support SNI, unless they are run on Windows XP. To learn more about SNI and the client software that supports it, refer to http://en.wikipedia.org/wiki/Server_Name_Indication.
If SNI is not supported and you (as the administrator) assign an SSL/TLS certificate to a site hosted on a shared IP address, Plesk will associate that certificate with all other sites hosted on this IP address. In the same case, hosting customers with shared IP addresses will not be able to assign SSL/TLS certificates to their sites: the page Websites & Domains > <domain_name> > SSL/TLS Certificates will be hidden in their Customer Panel.
For instructions on assigning SSL/TLS certificates to websites, refer to the section Securing Connections with SSL/TLS Certificates.
By default, in clean Plesk installations (Linux and Windows), the support for SNI is turned on.
If you upgrade Plesk for Windows from version 11.0 or earlier, the support for SNI will be switched off. You can turn it on in Tools & Settings > Server Settings.
On Plesk for Linux, the support for SNI is always on and cannot be disabled.