Problems with multiple SSL on same IP, but only in select clients

SNI support is still, unfortunately, rather lacking. You don't specify, but I'd wager that your problematic IE browsers are on Windows XP machines, yes? There is no SNI support in any version of IE on Windows XP (or earlier); only Vista and later support it, and only in IE 7 and later.

See here for a list of browsers supporting SNI.

My advice: If you need to support clients that lack SNI support (and with the number of XP systems still out there, you quite likely do need to), then you'll have to implement solutions that do not depend on SNI.


If you want to reach a broad audience, then do not use SNI. It is not supported widely enough and you should avoid it for at least a couple of years from now.

You should have a look at UCC/SAN certificates instead. It's usually more pricey, but it's the right thing to do in this situation. Or you could have allocated an IP address for each site.

http://www.geotrust.com/ssl/ssl-certificates-san-uc/ gives a little more info on this type of certificate.


Today about 10% of the internet users lack support for Server Name Indication. At GlobalSign we recently created a solution to support users that have no support for Server Name Indication (SNI) by using two SSL Certificates (one is for the IP address and is free). You can read more about the problem and the solution we created to safely host multiple SSL Certificates on a single IP address in a blog article that we published today.

https://www.globalsign.com/blog/saving-ipv4-resources.html