- Release Notes and Announcements
- CLB Release Notes
- [April 15, 2024] Domain Name Upgrade for Domain Name-based Public Network CLB
- [July 25, 2023] Adding Rate Limits on Shared CLB Instances
- [July 3, 2023] CLB API Authentication Upgrade
- [June 9, 2023] Adjusting the Grace Period for Pay-as-you-go CLB Instances
- [March 6, 2023] Launching Domain Name-Based Public CLBs
- [Feb. 24, 2023] Changing Health Check Source IP to 100.64.0.0/10 IP Range
- Product Introduction
- Purchase Guide
- Getting Started
- Directions
- CLB Instance
- Directions for Upgrading to Domain Name-Based CLB
- Creating CLB Instances
- Creating an IPv6 CLB Instance
- Creating IPv6 NAT64 CLB Instances
- Configure CLB Forwarding Domain Name
- Configuring CLB Security Group
- Binding Private Network CLB to EIP
- Enabling or Disabling a CLB Instance
- Cloning CLB Instances
- Exporting CLB Instances
- Upgrade to a LCU-supported instances
- Adjusting Specification of LCU-supported CLBs
- Deleting CLB Instances
- Releasing Idle CLB Instances
- Configuring Deletion Protection
- Adjusting Instance Public Network Configurations
- CLB Listener
- CLB Listener Overview
- Configuring TCP Listener
- Configuring a UDP Listener
- Configuring TCP SSL Listener
- Configuring a QUIC Listener
- Configuring an HTTP Listener
- Configuring HTTPS Listener
- Load Balancing Methods
- Session Persistence
- Layer-7 Redirection Configuration
- Layer-7 Custom Configuration
- Layer-7 Domain Name Forwarding and URL Rules
- Using QUIC Protocol on CLB
- SNI Support for Binding Multiple Certificates to a CLB Instance
- Configuring gRPC Support for Layer-7 Protocols
- Real Server
- Health Check
- Certificate Management
- Log Management
- Monitoring and Alarm
- Cloud Access Management
- Classic CLB
- CLB Instance
- Practical Tutorial
- Enabling Gzip Compression & Testing
- HTTPS Forwarding Configurations
- Obtaining Real Client IPs
- Best Practices for Configuring Load Balancing Monitoring Alerts
- Implementing HA Across Multiple AZs
- Load Balancing Algorithm Selection and Weight Configuration Examples
- Configuring WAF protection for CLB listening domain names
- Configure IAP to authenticate web access to the CLB domain and path
- Configure IAP to authenticate programmatic access to CLB's domain and path
- Ops Guide
- Troubleshooting
- API Documentation
- History
- Introduction
- API Category
- Instance APIs
- Listener APIs
- Backend Service APIs
- Target Group APIs
- Redirection APIs
- Other APIs
- DescribeClsLogSet
- CreateLoadBalancerSnatIps
- DeleteLoadBalancerSnatIps
- DescribeLoadBalancerListByCertId
- DescribeQuota
- ModifyLoadBalancersProject
- ReplaceCertForLoadBalancers
- SetLoadBalancerClsLog
- SetLoadBalancerSecurityGroups
- SetLoadBalancerStartStatus
- SetSecurityGroupForLoadbalancers
- CreateClsLogSet
- CreateTopic
- DescribeLoadBalancerTraffic
- DescribeResources
- DescribeTaskStatus
- InquiryPriceCreateLoadBalancer
- InquiryPriceModifyLoadBalancer
- InquiryPriceRenewLoadBalancer
- Classic CLB APIs
- Making API Requests
- Load Balancing APIs
- Data Types
- Error Codes
- CLB API 2017
- FAQs
- Service Level Agreement
- Contact Us
- Glossary
- Release Notes and Announcements
- CLB Release Notes
- [April 15, 2024] Domain Name Upgrade for Domain Name-based Public Network CLB
- [July 25, 2023] Adding Rate Limits on Shared CLB Instances
- [July 3, 2023] CLB API Authentication Upgrade
- [June 9, 2023] Adjusting the Grace Period for Pay-as-you-go CLB Instances
- [March 6, 2023] Launching Domain Name-Based Public CLBs
- [Feb. 24, 2023] Changing Health Check Source IP to 100.64.0.0/10 IP Range
- Product Introduction
- Purchase Guide
- Getting Started
- Directions
- CLB Instance
- Directions for Upgrading to Domain Name-Based CLB
- Creating CLB Instances
- Creating an IPv6 CLB Instance
- Creating IPv6 NAT64 CLB Instances
- Configure CLB Forwarding Domain Name
- Configuring CLB Security Group
- Binding Private Network CLB to EIP
- Enabling or Disabling a CLB Instance
- Cloning CLB Instances
- Exporting CLB Instances
- Upgrade to a LCU-supported instances
- Adjusting Specification of LCU-supported CLBs
- Deleting CLB Instances
- Releasing Idle CLB Instances
- Configuring Deletion Protection
- Adjusting Instance Public Network Configurations
- CLB Listener
- CLB Listener Overview
- Configuring TCP Listener
- Configuring a UDP Listener
- Configuring TCP SSL Listener
- Configuring a QUIC Listener
- Configuring an HTTP Listener
- Configuring HTTPS Listener
- Load Balancing Methods
- Session Persistence
- Layer-7 Redirection Configuration
- Layer-7 Custom Configuration
- Layer-7 Domain Name Forwarding and URL Rules
- Using QUIC Protocol on CLB
- SNI Support for Binding Multiple Certificates to a CLB Instance
- Configuring gRPC Support for Layer-7 Protocols
- Real Server
- Health Check
- Certificate Management
- Log Management
- Monitoring and Alarm
- Cloud Access Management
- Classic CLB
- CLB Instance
- Practical Tutorial
- Enabling Gzip Compression & Testing
- HTTPS Forwarding Configurations
- Obtaining Real Client IPs
- Best Practices for Configuring Load Balancing Monitoring Alerts
- Implementing HA Across Multiple AZs
- Load Balancing Algorithm Selection and Weight Configuration Examples
- Configuring WAF protection for CLB listening domain names
- Configure IAP to authenticate web access to the CLB domain and path
- Configure IAP to authenticate programmatic access to CLB's domain and path
- Ops Guide
- Troubleshooting
- API Documentation
- History
- Introduction
- API Category
- Instance APIs
- Listener APIs
- Backend Service APIs
- Target Group APIs
- Redirection APIs
- Other APIs
- DescribeClsLogSet
- CreateLoadBalancerSnatIps
- DeleteLoadBalancerSnatIps
- DescribeLoadBalancerListByCertId
- DescribeQuota
- ModifyLoadBalancersProject
- ReplaceCertForLoadBalancers
- SetLoadBalancerClsLog
- SetLoadBalancerSecurityGroups
- SetLoadBalancerStartStatus
- SetSecurityGroupForLoadbalancers
- CreateClsLogSet
- CreateTopic
- DescribeLoadBalancerTraffic
- DescribeResources
- DescribeTaskStatus
- InquiryPriceCreateLoadBalancer
- InquiryPriceModifyLoadBalancer
- InquiryPriceRenewLoadBalancer
- Classic CLB APIs
- Making API Requests
- Load Balancing APIs
- Data Types
- Error Codes
- CLB API 2017
- FAQs
- Service Level Agreement
- Contact Us
- Glossary
SNI Support for Binding Multiple Certificates to a CLB Instance
Last updated: 2024-10-10 16:46:13
Server Name Indication (SNI) is designed to solve the problem that one server can only use one certificate so as to improve SSL/TLS extensions of the server and the client. If a server supports SNI, it means that the server can be bound to multiple certificates. To use SNI for the client, the domain name to connect to should be specified before SSL/TLS connections to the server are established, and then the server will return an appropriate certificate based on the domain name.
Use Cases
A layer-7 HTTPS CLB listener supports SNI, i.e., binding multiple certificates, which can be used by different domain names in the listening rules. For example, in the same
HTTPS:443 listener of a CLB instance, you can use certificate 1 and certificate 2 for *.test.com and *.example.com respectively to forward requests from these domain names to two different sets of servers.Prerequisites
Note:
Classic CLB does not support forwarding based on domain name and URL; therefore, it does not support SNI.
Directions
1. Log in to the CLB console.
2. Configure an HTTPS listener and enable SNI.
3. When adding a forwarding rule to the listener, configure different server certificates for different domain names. Then, click Next and configure health check and session persistence.
Yes
No
Was this page helpful?