Citrix NetScaler: How to bind multiple certificates to a virtual server

SNI: What it is and what it can do for you

Citrix NetScaler offers the ability to use multiple SSL certificates on a virtual server by using a great feature that has been available since version 9.2. This feature is known as SNI.

So what is SNI?

SNI, or Server Name Indication, is an extension of the TLS network protocol. It works by having the client (in most cases the browser) state the host name it is trying to connect to at the beginning of the SSL handshake process.

If the client begins the SSL handshake with its Hello and the Server Name extension, the NetScaler matches the requested server name against the SNI certificates bound to the virtual server. If no match is found, the NetScaler sends an unrecognized name message and resets the connection.

When the client starts the SSL handshake with its Hello and NO Server Name extension, the default certificate bound to the virtual server is returned.

What can it do for you?

The value-add of this particular feature is that it enables cloud network administrators to use only one IP address and multiple SSL certificates for their load-balanced back-end servers.

Here's how to apply SNI SSL certificates on the virtual server:

Scenario:

Content switching virtual server (more on content switching: http://bit.ly/1T73M3i)

  • Content switching is leveraged to identify content by the HTTP header (Host) and direct it to the correct back-end server.
  • 3 back-end web servers: Blue Apache Web Server, Green Apache Web Server, Red Apache Web Server.
  • Each of the back-end web servers is non-addressable. They are only available when referenced within the NetScaler.
  • In this case, each of the non-addressable virtual servers is attached to a content switching action.


Step-by-step guide:

Note: This guide assumes that the following has been completed.

  • All SSL certificates were validated and installed on the NetScaler.
  • All back-end virtual servers (non-addressable) were configured on the NetScaler.

Step 1: Add the content switching virtual server.

Step 2: Add the appropriate actions on the content switching virtual server.

Step 3: Click the Edit (pencil) icon to access the SSL Parameters advanced setting. Next, select the check box to enable the SNI function and click OK.

Step 4: In the Certificates advanced setting, click the No Server Certificate box to add the certificates for each back-end server.

Step 5: Click the > icon, select the SSL certificate to add, and check the Server Certificate for SNI check box. Repeat these steps for all other required SSL certificates.

Testing:

NOTE: DNS records were created for each of the back-end web servers with the same IP address, since they are uniquely identified by the Layer 7 HTTP headers.

I.e.:

  • blue.training.lab = 10.10.10.10
  • red.training.lab = 10.10.10.10
  • green.training.lab = 10.10.10.10

Using content switching and the SNI server name extension, the Citrix NetScaler can determine where the client request is forwarded to.

Example of the client connecting to the Blue web server on the same IP address with a unique SSL certificate and SNI server name extension:

Example of the client connecting to the Green web server on the same IP address with a unique SSL certificate and SNI server name extension:

Example of the client connecting to the Red web server on the same IP address with a unique SSL certificate and SNI server name extension:
