SUSE Support

Here When You Need Us

How to troubleshoot SNI enabled endpoints with curl and openssl

This document (000020154) is provided subject to the disclaimer at the end of this document.

Situation

Issue

A modern webserver hosting or proxying to multiple backend domain names will often be configured to use SNI (Server Name Indication).

SNI allows multiple SSL-protected domains to be hosted on the same IP address, and is commonly used in Kubernetes with ingress controllers, for example, the nginx ingress controller.

As the SNI extension requires a slight change to the conversation between client and server - the hostname must be provided in the Hello message to correctly access the associated domain name.

This can present an issue when troubleshooting a node or pod directly, where an IP address is used.

Pre-requisites

  • The curl and/or openssl command installed
  • Network access to the endpoint you wish to troubleshoot

Steps

To perform an SNI-compliant request using an IP address, use the following commands replacing the domain name and IP address.

  • Using the curl command:
curl -v --resolve domain.com:443:<ip address> https://domain.com
  • Using openssl can be useful to obtain details about the certificate configured:
openssl s_client -showcerts -servername domain.com -connect <ip address>:443

Further reading

More information on SNI can be found here.

Disclaimer

This Support Knowledgebase provides a valuable tool for SUSE customers and parties interested in our products and solutions to acquire information, ideas and learn from one another. Materials are provided for informational, personal or non-commercial use within your organization and are presented "AS IS" WITHOUT WARRANTY OF ANY KIND.

  • Document ID:000020154
  • Creation Date: 06-May-2021
  • Modified Date:06-May-2021
    • SUSE Rancher

< Back to Support Search

For questions or concerns with the SUSE Knowledgebase please contact: tidfeedback[at]suse.com

tick icon

SUSE Support Forums

Get your questions answered by experienced Sys Ops or interact with other SUSE community experts.

tick icon

Support Resources

Learn how to get the most from the technical support you receive with your SUSE Subscription, Premium Support, Academic Program, or Partner Program.

tick icon

Open an Incident

Open an incident with SUSE Technical Support, manage your subscriptions, download patches, or manage user access.