SNI Support Domino 11 - Best Practice

anon-793 · May 8, 2021, 9:51pm

Hi Domino Community,

i am trying to use the sni support on my upgraded domino 11.0.1 fp3 server.

I tried multiple scenarios, but nothing worked for me.

In the past i had 10 IPs for 10 ssl services.

In my new scenario the server listens only to one IP and all services pointed to the ip.

config internet sites:
- default site with NO IP adress and a default URL/Homepage URL
- 10 other sites with NO IP, a default URL/Homepage URL and a hostname like serviceABC.domain.xyz

when i open the service ABC (serviceABC.domain.xyz), the homepage of the default site is open(serviceABC.domain.xyz/homepageURL-defaultSite).

Does anybody have more knowledge and practice with domino 11 and SNI ?

greetings ;)

anon-985 · May 8, 2021, 10:10pm

Did you enable SNI support with the Notes.ini parameter ENABLE_SNI=1 ?

anon-727 · May 9, 2021, 7:46am

You should have at least one website that has an IP address specified.

https://help.hcltechsw.com/domino/11.0.1/admin/wn_domino_sni.html

-To use SNI, there must be either a default Web site configured or at least one Web site with an IP address configured to use as the starting point for the TLS hand shake. If the server receives the TLS SNI extension, it attempts to switch to the site that matches the host name in the SNI extension after the TLS handshake is complete.

anon-749 · May 9, 2021, 6:12pm

Check the information provided in below URL -->

https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0085613

Regards,

Amit Sharma

debisschopk · May 10, 2021, 11:33am

Hello, you also need to make sure that you have a SAN (Subject Alternative Name) defined on the SSL certificate.