Origin SNI Request

Origin SNI Request enables the CDN to send the correct Server Name Indication (SNI) value when establishing SSL/TLS connections with your origin. This ensures that the origin server selects the appropriate SSL certificate, especially when hosting multiple domains on the same IP address.

Enabling this feature improves compatibility and prevents certificate mismatch errors during HTTPS communication.

You can manage Origin SNI Request using the Medianova Control Panel or API.

In the Medianova Control Panel, go to CDN Resources, select your resource, and navigate to Origin Settings.

Configure Origin SNI Request

Follow the steps below to enable and configure Origin SNI Request for your CDN Resource.

1

Enable Origin SNI Request

Toggle Origin SNI Request to On.

The domain input field becomes active.

2

Enter the SNI Domain

Provide the Origin SNI Request Domain:

• Enter the domain name that should be included as the SNI value during SSL/TLS handshake.

• Ensure this domain corresponds to a valid SSL certificate installed on your origin server.

3

Save the Configuration

Click Submit to apply your settings. Origin SNI Request is now enabled for the CDN Resource.

How SNI Works

During an SSL/TLS handshake, the CDN includes the SNI extension, which specifies the domain name requested by the client. This allows the origin server to:

• Select the correct SSL certificate

• Support multiple domains on a shared IP

• Avoid certificate mismatch errors

When to Enable Origin SNI Request

Use this setting when:

• Your origin serves multiple HTTPS domains from the same IP

• The origin requires SNI to present the correct SSL certificate

• You encounter HTTPS 421 or certificate mismatch errors

What Happens if the Setting is Disabled

If SNI is not sent:

• The origin may return the wrong SSL certificate

• HTTPS validation may fail

• Dynamic requests may intermittently fail under multi-domain hosting setups

Troubleshooting

Issue: HTTPS requests fail with certificate mismatch. Cause: The origin returned the default certificate instead of the certificate for the requested domain. Fix: Enable Origin SNI Request and enter the correct domain.

Issue: Origin returns 421 Misdirected Request. Cause: The origin requires SNI to route the request to the correct virtual host. Fix: Ensure the SNI domain matches the vhost configuration on the origin.

Issue: Requests fail after enabling SNI. Cause: Incorrect domain entered in the Origin SNI Request Domain field. Fix: Confirm that the domain matches a valid certificate installed on the origin.