SNI
also: Server Name Indication
Server Name Indication (SNI) is a TLS extension that allows a client to specify which hostname it is connecting to during the initial handshake, enabling a single IP address to host multiple SSL/TLS certificates.
SNI solves the problem of serving multiple HTTPS websites from one IP address. Without it, the server cannot know which certificate to present until after the TLS handshake begins, making it impossible to host multiple domains securely on shared infrastructure.
When a client connects, it sends the target hostname in the ClientHello message before the encryption is established. The server then selects and presents the correct certificate for that domain. This is essential for modern web hosting, CDNs, and cloud services.
Example: A reverse proxy at 203.0.113.45 hosts example.com and test.org with different certificates. When a client connects to example.org, SNI tells the proxy which certificate to use—without SNI, it would fail or show the wrong certificate.