Configure Server Name Indication (SNI) to support multiple TLS certificates on the same IP address, allowing different certificates to be presented based on the requested hostname.
About this task
Server Name Indication (SNI) is a TLS extension that enables a server to present the appropriate certificate based on the hostname requested by the client during the TLS handshake. This is particularly useful when hosting multiple domains on a single IP address, as each domain can have its own certificate.
Use this procedure to configure SNI for your API Connect gateway endpoints, allowing you to serve different TLS certificates for different domain names.
Procedure
- Log in to the API Connect Manager with administrative credentials.
- Navigate to .
- Select the Gateways tab to view the gateway configurations.
- In the gateways list, click the Configure SNI icon to open the SNI configuration interface.
- Configure the SNI settings:
  - TLS client profile – If your gateway type is Remote, select a TLS client profile, otherwise skip this step.
    Tip: Remote gateways require a TLS client profile to establish secure connections with the API Connect management server.
  - Domain name – Specify the domain name that the gateway uses to identify incoming requests. Click Add domain to add multiple domain names that should use this configuration.
    Tip: You can configure multiple domain names to use the same TLS server profile, or assign different profiles to different domains.
  - TLS server profile – Select the TLS server profile that defines the certificate chain and supported cipher suites for secure communication with clients for the specified domain.
    Important: Ensure that the certificate in the TLS server profile matches the domain name you specify. The certificate's Common Name (CN) or Subject Alternative Name (SAN) should include the domain.
- Click Save to apply the SNI configuration.
The gateway will now present the appropriate certificate based on the hostname in client requests.
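
To check the certificate-to-domain match after saving, the following added example (not part of the API Connect documentation or tooling) sends each configured domain as the SNI name and reports whether the served certificate covers it through a SAN entry, only through the CN, or not at all. The domain names, the certificate data and the gateway address `192.0.2.10` are constructed placeholders.

```python
import socket
import ssl

def presented_cert(addr, port, sni_name, cafile=None):
    """Connect to addr:port, send sni_name in the ClientHello, return the leaf cert."""
    ctx = ssl.create_default_context(cafile=cafile)  # chain is still validated
    ctx.check_hostname = False  # name matching is done below so a mismatch is reported
    with socket.create_connection((addr, port), timeout=5) as sock:
        with ctx.wrap_socket(sock, server_hostname=sni_name) as tls:
            return tls.getpeercert()

def _matches(pattern, host):
    pattern, host = pattern.lower(), host.lower().rstrip(".")
    if pattern.startswith("*."):  # wildcard covers exactly one left-most label
        return "." in host and host.split(".", 1)[1] == pattern[2:]
    return pattern == host

def name_source(cert, host):
    """Return 'SAN', 'CN' or None: where in the certificate the host name matched."""
    sans = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    if any(_matches(p, host) for p in sans):
        return "SAN"
    cns = [v for rdn in cert.get("subject", ()) for k, v in rdn if k == "commonName"]
    # A CN-only match is flagged separately: browsers such as Chrome ignore the CN.
    return "CN" if any(_matches(p, host) for p in cns) else None

def audit(domains, fetch):
    """Map each configured domain to the result for the certificate it is served."""
    return {d: name_source(fetch(d), d) for d in domains}

# Constructed sample data in the dict layout returned by SSLSocket.getpeercert().
SAMPLE = {
    "api.example.com": {"subject": ((("commonName", "api.example.com"),),),
                        "subjectAltName": (("DNS", "api.example.com"),)},
    "dev.example.org": {"subject": ((("commonName", "*.example.org"),),),
                        "subjectAltName": (("DNS", "*.example.org"),)},
    "legacy.example.net": {"subject": ((("commonName", "legacy.example.net"),),)},
    "shop.example.com": {"subject": ((("commonName", "api.example.com"),),),
                         "subjectAltName": (("DNS", "api.example.com"),)},
}

if __name__ == "__main__":
    for domain, result in audit(SAMPLE, SAMPLE.__getitem__).items():
        print(f"{domain:20} {result or 'MISMATCH'}")
    # Against a live gateway (address is a placeholder):
    # audit(SAMPLE, lambda d: presented_cert("192.0.2.10", 443, d))
```

A result of `None` means the domain is mapped to a TLS server profile whose certificate does not name it; a result of `CN` means the certificate should be reissued with the domain in its SAN.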