tencent cloud


SNI Support for Binding Multiple Certificates to a CLB Instance

Last updated: 2020-10-20 10:36:41

    Server Name Indication (SNI) is designed to solve the problem that one server can only use one certificate so as to improve SSL/TLS extensions of the server and the client. If a server supports SNI, it means that the server can be bound to multiple certificates. To use SNI for the client, the domain name to connect to should be specified before SSL/TLS connections to the server are established, and then the server will return an appropriate certificate based on the domain name.

    Use Cases

    A layer-7 HTTPS CLB listener supports SNI, i.e., binding multiple certificates, which can be used by different domain names in the listening rules. For example, in the same HTTPS:443 listener of a CLB instance, you can use certificate 1 and certificate 2 for *.test.com and *.example.com respectively to forward requests from these domain names to two different sets of servers.


    You have purchased a CLB instance.

    Classic CLB does not support forwarding based on domain name and URL; therefore, it does not support SNI.


    1. Log in to the CLB console.
    2. Configure an HTTPS listener and enable SNI.
    3. When adding a forwarding rule to the listener, configure different server certificates for different domain names. Then, click Next and configure health check and session persistence.
    Contact Us

    Contact our sales team or business advisors to help your business.

    Technical Support

    Open a ticket if you're looking for further assistance. Our Ticket is 7x24 avaliable.

    7x24 Phone Support