Cerner FHIR Developers
We are writing to inform our FHIR API consumers that we will
be requiring the use of SNI for all requests starting January 2021.
Starting January 31st, 2021, Cerner will no longer support legacy application requests which are not implementing SNI. Until that time, the fhir-ehr.cerner.com domain will continue to support legacy application requests.
Certain FHIR domains, such as fhir-ehr-code.cerner.com and fhir-myrecord.cerner.com, already require SNI as an extension of TLS. We encourage those unsure about their SNI support to use fhir-ehr-code.cerner.com to validate proper TLS/SNI support for FHIR applications.
What is SNI?
SNI is an extension to the Transport Layer Security networking protocol. It allows multiple certificates to be implemented on the same IP address and port combination. It requires the client to indicate the hostname it is attempting to connect to as part of the handshake process.
Learn more: https://en.wikipedia.org/wiki/Server_Name_Indication
How will I know if my application supports TLS with SNI?
Most modern software and languages have implemented support for SNI. You can use the Support table in Wikipedia to determine if a language, framework, or dependency does not support SNI.
Additionally, developers can use fhir-ehr-code.cerner.com as an endpoint for validating support for SNI. A legacy application will be unable to make a request to fhir-ehr-code.cerner.com.
If you have more questions about this change, we encourage anyone to post questions to the community using our Google group.