Windows Server 2012 Internet Information Services 8 (IIS) includes support for the Server Name Indication (SNI) extension. To establish a secure channel with a webserver, clients request certificates from the server so that data can be encrypted. When multiple website domains are present on a virtual host server with a single IP address and port, the server doesn’t know which certificate to send to the client because HTTP headers are not available during the SSL handshake. Only the IP address and port can be established from the TCP header. SNI solves this problem by adding server information to the Client Hello message.
Browsers need to support the SNI extension to successfully connect to a server that requires it. Internet Explorer 7 (and later) supports SNI, but it is worth noting that it's not supported in any version of IE running on Windows XP (or earlier). Windows Phone 7 (and later) supports SNI, as does Safari 2.1 (or later) on Mac OS X 10.5.6 or Windows Vista (and later).
IIS 8 on Windows Server 2012 has SNI support enabled out-of-the-box. You need to specify on each individual SSL site binding whether it requires Server Name Indication, also known as Hostname:Port binding. Additionally, you must specify a host name so that client requests can be matched to websites on the server.
If the Client Hello doesn't include the server name extension, the connection to the server will fail unless a legacy IP:Port SSL binding exists for the site, in which case IIS will attempt to complete the connection.
To require Server Name Indication for a new site in IIS8:
To add a new SSL binding with Server Name Indication on an existing SSL site in IIS8: