As you can see if you already tried to install multiple SSL virtualhosts using mod_ssl (which relies on OpenSSL), if you activate them and restart Apache2, you will get a warning like :
[warn] vhost2 VirtualHost overlap on port 443, the first (vhost1) has precedence
If the warnings are not enabled or not displayed, you may see on a web browser a security alert for all SSL virtualhosts except the default one.
Indeed, it will always send the default SSL certificate if you use mod_ssl, the default SSL library.
The SNI support in the SSL libraries, SNI means Server Name Indication, this option is not enabled by default in OpenSSL.
When a client connects to the webserver, it will first establish the SSL connection before knowing the server name, so the certificate that is sent is always the default one.
In OpenSSL, the SNI support has been integrated in the production versions since 0.9.8k, but it is not enabled by default, you will have to compile OpenSSL to get it to work.
An other library called GnuTLS has this option enabled so you may use it directly to create multiple SSL virtualhosts, each using their own certificate.
The problem and the prerequisites to use OpenSSL with the SNI support and Apache2 is explained on the wiki of Apache.org.
If compiling is not a thing you like to do, you can avoid the use of mod_SSL and use mod_GnuTLS, install first the package:
apt-get install libapache2-mod-gnutls
Disable mod_SSL and enable mod_GnuTLS :
a2dismod ssl a2enmod gnutls
Then configure the virtualhosts with the certificates :
<IfModule mod_ssl.c> ... </IfModule>
<VirtualHost *:443> ServerName domain1.tld DocumentRoot /var/www/domain1 [...] GnuTLSEnable on GnuTLSExportCertificates on GnuTLSCacheTimeout 500 GnuTLSCertificateFile /etc/ssl/certs/domain1.crt #GnuTLSClientCAFile /etc/ssl/ca.gandi.net.cert GnuTLSKeyFile /etc/ssl/private/domain1.key #GnuTLSPriorities NONE:+AES-128-CBC:+ARCFOUR-128:+RSA:+SHA1:+MD5:+COMP-NULL:$ GnuTLSPriorities NORMAL # SSL Protocol Adjustments: BrowserMatch ".*MSIE.*" nokeepalive ssl-unclean-shutdown downgrade-1.0 force$ [...] </VirtualHost>
Source : Multiple SSL certificates on a single IP/port using mod_GnuTLS