September 15, 2005

Name-based SSL virtual hosts ... it's possible

So I always thought it was not possible to do name-based virtual hosts with SSL. I thought that no matter what, you were forced to place each different SSL site on its own port or its own IP. Apparently this is not true... at least with Apache. I don't know about other web servers.

First, some conditions. This only works well if all of your sites are subdomains of a single domain, for example site1.foo.com and site2.foo.com. What you first need is an SSL certificate for "*.foo.com". This wildcard certificate lets you use the same certificate for every one of your SSL sites whose name ends in foo.com.

Next, all you have to do is configure Apache to use name-based virtual hosting on the SSL port the same way you'd configure it for a non-SSL port (i.e. set up separate NameVirtualHost and VirtualHost directives for the SSL port). For each SSL virtual host the SSL settings must be the same. Since SSL itself has no concept of name-based virtual hosts, the SSL negotiation for each virtual host will be identical, and only a single certificate can be presented across all the virtual hosts on a particular IP and port. This is why we want to make sure the certificate will work for all the subdomains of our site: that way the visitor doesn't get a warning that the name of the site doesn't match the certificate when he visits a subdomain other than the one the certificate was originally intended for. Once the SSL negotiation has taken place, Apache apparently processes the underlying HTTP request like any other, which means we can treat the virtual hosts just like we would non-SSL virtual hosts.
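Here is what such a configuration looks like in practice. This is an added example, not the configuration from the original post; the hostnames, DocumentRoot directories and certificate paths are placeholders and need to be adjusted for your own server.

```apache
# Added example configuration (not from the original post). Hostnames,
# certificate paths and DocumentRoots are placeholders.

Listen 443

# Turn on name-based virtual hosting for the SSL port, exactly as you
# would for port 80.
NameVirtualHost *:443

# The certificate is chosen before Apache has seen the Host header, so
# every SSL vhost on this IP:port must carry identical SSL directives.
# The wildcard certificate for *.foo.com covers both names below.
<VirtualHost *:443>
    ServerName   site1.foo.com
    DocumentRoot /var/www/site1

    SSLEngine on
    SSLCertificateFile    /etc/apache2/ssl/wildcard.foo.com.crt
    SSLCertificateKeyFile /etc/apache2/ssl/wildcard.foo.com.key
</VirtualHost>

<VirtualHost *:443>
    ServerName   site2.foo.com
    DocumentRoot /var/www/site2

    SSLEngine on
    SSLCertificateFile    /etc/apache2/ssl/wildcard.foo.com.crt
    SSLCertificateKeyFile /etc/apache2/ssl/wildcard.foo.com.key
</VirtualHost>
```

The first VirtualHost listed for *:443 is also the default one Apache falls back to when a request's Host header matches none of the ServerNames, which is one more reason to keep the SSL directives the same in all of them. Note that a single private key now serves every subdomain, so the file permissions on that key protect all of the sites at once.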