SNI Custom SSL vs Dedicated IP Custom SSL

Last updated on April 12, 2023

Server Name Indication (SNI) Custom SSL

  • Relies on the SNI extension of the TLS protocol, which allows multiple domains to serve SSL traffic over the same IP address.

  • Offers the same level of security as Dedicated IP Custom SSL.

  • If you configure CloudFront to serve HTTPS requests using SNI, CloudFront associates your alternate domain name with an IP address for each edge location. The IP address for your domain name is determined during the SSL/TLS handshake negotiation and isn’t dedicated to your distribution.

  • Some older browsers do not support SNI and will not be able to establish a connection with CloudFront to load the HTTPS version of your content.

  • You can use SNI Custom SSL with no upfront or monthly fees for certificate management.

Dedicated IP Custom SSL

  • Mainly useful for browsers that do not support SNI.

  • For this feature, the Amazon content delivery network allocates dedicated IP addresses to serve your SSL content at each edge location.

  • You will need to upload an SSL certificate and associate it with your CloudFront distributions.

  • You can associate more than two custom SSL certificates with your AWS account by submitting a CloudFront Limit Increase Form.

  • This method works for every HTTPS request, regardless of the browser or other viewer that the user is using.

  • Because of the added cost associated with dedicating IP addresses per SSL certificate, AWS charges a fixed monthly fee of $600 for each custom SSL certificate you associate with your content delivery network distributions, pro-rated by the hour.

  • You can switch to using a custom SSL/TLS certificate with SNI instead and eliminate the charge that is associated with dedicated IP addresses.
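To find which distributions still use dedicated IPs and what that costs, the following added example (not part of the original cheat sheet) audits a constructed response shaped like CloudFront's ListDistributions output, reading the `SSLSupportMethod` field of each `ViewerCertificate`. The distribution IDs, certificate identifiers and the 720-hour month used for pro-rating are assumptions made for illustration.

```python
import json

MONTHLY_FEE_USD = 600  # per dedicated-IP custom certificate (figure from this page)

# Constructed sample, shaped like a CloudFront ListDistributions response.
SAMPLE = json.loads("""
{"DistributionList": {"Items": [
 {"Id": "EXAMPLE1", "ViewerCertificate":
   {"ACMCertificateArn": "arn:aws:acm:us-east-1:111122223333:certificate/cert-a",
    "SSLSupportMethod": "sni-only"}},
 {"Id": "EXAMPLE2", "ViewerCertificate":
   {"IAMCertificateId": "CERT-B-PLACEHOLDER", "SSLSupportMethod": "vip"}},
 {"Id": "EXAMPLE3", "ViewerCertificate":
   {"IAMCertificateId": "CERT-B-PLACEHOLDER", "SSLSupportMethod": "vip"}},
 {"Id": "EXAMPLE4", "ViewerCertificate": {"CloudFrontDefaultCertificate": true}}
]}}
""")

def classify(dist):
    """Map a distribution's ViewerCertificate to the serving method it uses."""
    vc = dist.get("ViewerCertificate", {})
    if vc.get("CloudFrontDefaultCertificate"):
        return "default"  # *.cloudfront.net certificate, no custom SSL
    return {"sni-only": "sni", "vip": "dedicated-ip"}.get(
        vc.get("SSLSupportMethod"), "unknown")

def audit(response, hours_associated, hours_in_month=720):
    """Group distribution IDs by method and estimate the dedicated-IP charge."""
    report = {"sni": [], "dedicated-ip": [], "default": [], "unknown": []}
    dedicated_certs = set()
    for dist in response["DistributionList"].get("Items", []):
        kind = classify(dist)
        report[kind].append(dist["Id"])
        if kind == "dedicated-ip":
            vc = dist["ViewerCertificate"]
            dedicated_certs.add(vc.get("ACMCertificateArn") or vc.get("IAMCertificateId"))
    # The fee is per certificate, not per distribution, pro-rated by the hour.
    charge = len(dedicated_certs) * MONTHLY_FEE_USD * hours_associated / hours_in_month
    return report, round(charge, 2)

if __name__ == "__main__":
    report, charge = audit(SAMPLE, hours_associated=24)
    print(report)
    print(f"estimated dedicated-IP charge: ${charge}")
```

Distributions reported under "dedicated-ip" are the candidates for switching to SNI, provided your viewers support it.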

References:

https://aws.amazon.com/cloudfront/custom-ssl-domains/
https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/cnames-https-dedicated-ip-or-sni.html
https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/cnames-and-https-switch-dedicated-to-sni.html

Written by: Jon Bonso

Jon Bonso is the co-founder of Tutorials Dojo, an EdTech startup and an AWS Digital Training Partner that provides high-quality educational materials in the cloud computing space. He graduated from Mapúa Institute of Technology in 2007 with a bachelor's degree in Information Technology. Jon holds 10 AWS Certifications and has also been an active AWS Community Builder since 2020.
