Internet resources made available between web servers and client terminals using domain names, domains, subdomains, or the like, are defined by the Internet address at which the resources are located. Domains are described, for example, in Mockapetris, P., “Domain names—concepts and facilities”, IETF STD 13, RFC 1034 [online], November 1987 [retrieved on 2015 Sep. 30], retrieved from the Internet: tools.ietf.org/html/rfc1034, DOI: 10.17487/RFC1034, incorporated herein by reference in its entirety. In further example, domains are described in Mockapetris, P., “Domain names—implementation and specification”, IETF STD 13, RFC 1035 [online], November 1987, [retrieved on 2015 Sep. 30], retrieved from the Internet: http://tools.ietf.org/html/rfc1035, DOI: 10.17487/RFC1035, incorporated herein by reference in its entirety. The Internet resource and client data transferred between the client terminal and the web server may be transferred in an unencrypted connection, such as using a hypertext transfer protocol (HTTP), or on a secure and encrypted connection, such as using HTTP Secure (HTTPS).
Web servers usually provide secure connections to client terminal web browsers and/or applications using transport layer security (TLS) protocols, secure socket layer (SSL) protocols, and/or the like. The TLS protocol is described, for example, in Dierks et al., “The Transport Layer Security (TLS) Protocol Version 1.2”, IETF RFC 5246, [online], August 2008 [retrieved on 2015 Sep. 30], retrieved from the Internet: tools.ietf.org/html/rfc6101, DOI: 10.17487/RFC5246, incorporated herein by reference in its entirety. Such secure connections may use a secure Internet address port 443, a digital certificate, and/or the like. When the client terminal application requires a secure connection, a clienthello security message is sent encapsulated inside a data packet of the computer network infrastructure. The web server may receive secure connection requests to multiple virtual and/or real web sites managed by the server. The clienthello message may include a Server Name Indication (SNI) field to allow the web server to determine the hostname and respective digital certificate to send to the client terminal, thereby enabling the secure connection. The SNI protocol extension is described, for example, in Blake-Wilson et al., “Transport Layer Security (TLS) Extensions”, IETF RFC 3546 [online], June 2003 [retrieved on 2015 Sep. 30], retrieved from the Internet: tools.ietf.org/html/rfc3546, DOI 10.17487/RFC3546, incorporated herein by reference in its entirety.
A digital certificate (DC) may be issued by a certification authority (CA), such as Comodo, Symantec, GoDaddy, GlobalSign, DigiCert, and the like. Certificate and certification standards are described, for example, in Cooper et al., “Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile”, IETF RFC 5280 [online], May 2008, [retrieved on 2015 Sep. 30], retrieved from the Internet: tools.ietf.org/html/rfc5280, DOI: 10.17487/RFC5280, incorporated herein by reference in its entirety. The digital certificate includes a public key, the identity of the owner, and the like. The client terminal can then validate the identity of the CA and thereby the validity of the public key before facilitating the secure connection with the web server. Thus, the privacy and integrity of the data exchanged between the client terminal and the web server are ensured.
Data encapsulation layers of an Internet protocol include a link layer for physical transport of data packets, an Internet layer for directing the packets to the web servers, a transport layer that may include security protocols, and an application layer that transfers the data between the client terminal and the web server applications, such as a hypertext transfer protocol (HTTP) and the like. HTTP standards are described, for example, in Fielding et al., “Hypertext Transfer Protocol—HTTP/1.1”, IETF RFC 2616 [online], June 1999, [retrieved on 2015 Sep. 30], retrieved from the Internet: tools.ietf.org/html/rfc2616, DOI: 10.17487/RFC2616, incorporated herein by reference in its entirety. When an application or user of a client terminal requires a secure connection, a special request is made to provide security of the transport layer to the application layer, such as using an HTTP Secure (HTTPS) protocol. An application running on the client terminal may require a secure connection to a web server, and an HTTPS protocol command is sent to the web server, such as HTTPS://secureconnection.webserver.com/secure_commenction.html and the like. Such a protocol command initiates a clienthello message encapsulated in the data packet to facilitate a secure connection to the web server before transferring data between the client terminal and the web server. The clienthello message may contain the SNI field to allow the web server to return the correct DC for the hostname secureconnection.webserver.com.
The foregoing examples of the related art and limitations related therewith are intended to be illustrative and not exclusive. Other limitations of the related art will become apparent to those of skill in the art upon a reading of the specification and a study of the figures.