How to troubleshoot SNI enabled endpoints with curl and openssl

Table of Contents


A modern webserver hosting or proxying to multiple backend domain names will often be configured to use SNI (Server Name Indication).

SNI allows multiple SSL-protected domains to be hosted on the same IP address, and is commonly used in Kubernetes with ingress controllers, for example, the nginx ingress controller.

As the SNI extension requires a slight change to the conversation between client and server - the hostname must be provided in the Hello message to correctly access the associated domain name.

This can present an issue when troubleshooting a node or pod directly, where an IP address is used.


  • The curl and/or openssl command installed
  • Network access to the endpoint you wish to troubleshoot


To perform an SNI-compliant request using an IP address, use the following commands replacing the domain name and IP address.

  • Using the curl command:
curl -v --resolve<ip address>
  • Using openssl can be useful to obtain details about the certificate configured:
openssl s_client -showcerts -servername -connect <ip address>:443

Further reading

More information on SNI can be found here.

Was this article helpful?
0 out of 0 found this helpful



Please sign in to leave a comment.