Version: Early Access

Disable SNI Check in Release

When running Digital.ai Release with HTTPS enabled in Kubernetes, you may need to disable the Server Name Indication (SNI) check in certain scenarios. This guide explains how to safely disable the SNI check using Kubernetes commands.

Understanding SNI Check

The SNI (Server Name Indication) check is a TLS (Transport Layer Security) feature that enables a client to specify the target hostname during the initial TLS handshake. This feature is particularly useful for servers hosting multiple domains on a single IP address, allowing them to present the correct SSL certificate based on the requested hostname.

Prerequisites

Before proceeding, ensure that:

You have installed Release with HTTPS enabled (ssl.enabled: true)
You configured HTTPS during the xl kube install process by selecting HTTPS - Secure HTTP for the Release server protocol

Disabling SNI Check

note

The SNI check is enabled by default when HTTPS is configured for Release.

To disable the SNI check, run the following command to update the Release Custom Resource (CR):

kubectl patch -n digitalai digitalaireleases.xlr.digital.ai dai-xlr \
--type=merge --patch '{"jvm":{"options": {"sniHostCheck": false}}}'

info

After applying this change, the Release pods will automatically restart to apply the new configuration.

Understanding SNI Check​

Prerequisites​

Disabling SNI Check​

Understanding SNI Check

Prerequisites

Disabling SNI Check