Reviewed-by: Hajba, László Antal <laszlo-antal.hajba@t-systems.com> Co-authored-by: zhoumeng <zhoumeng35@huawei.com> Co-committed-by: zhoumeng <zhoumeng35@huawei.com>
SNI Certificate (for HTTPS Listeners)
Scenarios
If you have an application that can be accessed through multiple domain names and each domain name uses a different certificate, you can enable Server Name Indication (SNI) when you add an HTTPS listener.
SNI, an extension to Transport Layer Security (TLS), enables a server to present multiple certificates on the same IP address and port number. With SNI, the client indicates the domain name of the website it wants to reach when it sends the SSL handshake request. After receiving the request, the load balancer looks up the matching certificate based on the hostname or domain name and returns that certificate to the client. If no matching certificate is found, the load balancer returns the default certificate.
A maximum of 30 SNI certificates can be bound to each HTTPS listener.
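The selection behaviour described above can be modelled offline to find hostnames that would fall through to the default certificate and trigger a name-mismatch error in clients. This is an added example, not code from the product: the listener dictionary layout, the certificate names, and the rule that a wildcard covers exactly one leftmost label are assumptions.

```python
# Added example: models the SNI lookup with default-certificate fallback.
MAX_SNI_CERTS = 30  # per-listener limit stated on this page

def name_matches(pattern, hostname):
    """Exact match, or a wildcard covering one leftmost label (assumed rule)."""
    pattern = pattern.lower().rstrip(".")
    hostname = hostname.lower().rstrip(".")
    if pattern == hostname:
        return True
    if pattern.startswith("*."):
        head, _, tail = hostname.partition(".")
        return bool(head) and tail == pattern[2:]
    return False

def select_certificate(listener, sni_hostname):
    """Return (certificate name, reason) for the hostname sent by the client."""
    if len(listener["sni_certs"]) > MAX_SNI_CERTS:
        raise ValueError("more than 30 SNI certificates bound to one listener")
    if sni_hostname:
        # Assumption: exact domain names are preferred over wildcard entries.
        for want_exact in (True, False):
            for cert in listener["sni_certs"]:
                for domain in cert["domains"]:
                    is_exact = not domain.startswith("*.")
                    if is_exact == want_exact and name_matches(domain, sni_hostname):
                        return cert["name"], "sni"
    # No SNI sent or no certificate found: the default certificate is returned.
    return listener["default_cert"]["name"], "default"

def audit(listener, hostnames):
    """List hostnames that would be served a certificate that does not cover them."""
    certs = {c["name"]: c for c in listener["sni_certs"] + [listener["default_cert"]]}
    findings = []
    for host in hostnames:
        name, reason = select_certificate(listener, host)
        if not any(name_matches(d, host) for d in certs[name]["domains"]):
            findings.append((host, name, reason))
    return findings

# Constructed sample configuration (hypothetical names and domains).
LISTENER = {
    "default_cert": {"name": "cert-default", "domains": ["www.example.com"]},
    "sni_certs": [
        {"name": "cert-shop", "domains": ["shop.example.com"]},
        {"name": "cert-wild", "domains": ["*.api.example.com"]},
    ],
}
```

Running `audit` over every domain name that resolves to the load balancer shows which names still need an SNI certificate bound to the listener.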
Prerequisites
You have created a certificate by performing the operations in Creating, Modifying, or Deleting a Certificate.
- You must specify at least one domain name for each certificate. The domain name must be the same as that in the certificate.
- If a certificate has expired, you need to manually replace or delete it by following the instructions in Replacing a Certificate.
Procedure
- Log in to the management console.
- In the upper left corner of the page, click the icon and select the desired region and project.
- Hover over the icon in the upper left corner to display Service List and choose Network > Elastic Load Balancing.
- Locate the load balancer and click its name.
- Click Listeners and locate the listener. In the Basic Information area, click Configure on the right of SNI.
- Enable SNI and select the SNI certificate.
- Click OK.