I think this should be doable for a single cert with multiple domains.

Set up your existing ip with one domain (i.e. mysecure_domain.com). Get the cert on this domain. Set up a rewrite rule in apache for port 443 for mysecure_domain.com. You could use a self-signed cert to experiment.

When the user logs in, the login page request goes to:

site1 - http://domain_one.com: You would need to make your login go to your login page https://mysecure_domain/site1/login
site2 - http://domain_two.com: https://mysecure_domain/site2/login

Once logged in, it goes to whatever you have in your vhm:

http://www.domain_one.com /site1 in vhm
http://www.domain_two.com /site2 in vhm

In vhm you'd have:

www.domain_one.com /site1
www.mysecure_domain/site1 /site1
www.domain_two.com /site2
www.mysecure_domain/site2 /site2

The problem here will be the session, since when you log in secure and switch back to the regular site, your ssl session will expire automatically, but you'll need to pass it to nonssl to stay alive when you go back to nonssl. I think a solution might be to store it, go to nonssl and then retrieve it when you do your redirect back to non-ssl. I have not tried this yet. Alternatively you could always stay in ssl from that point forward. Any technique from someone on this would be helpful since I am also interested in what possibilities there might be.

This should not give you a problem with the cert because identity on cert would match the ip.

I think otherwise you are in a situation where you will need a dedicated server setup to have one ip per site and then you can just do a single rewrite per ip, or use chained ssl if you have sub domains that you want to tie together under a single cert over one or more ips on one or more servers.

Regards,
David
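
The store-and-retrieve hand-off mentioned in the message above, sketched as an added example that is not part of the original post and is untested against any particular server. `HandoffStore`, `handoff_redirect` and the `handoff` query parameter are hypothetical names, and it assumes both sites can reach the same server-side store.

```python
import secrets
import time
from urllib.parse import urlencode


class HandoffStore:
    """One-time tokens for moving a logged-in user from the HTTPS login
    host back to a plain-HTTP site (hypothetical helper, in-memory only)."""

    def __init__(self, ttl_seconds=30, clock=time.monotonic):
        self._ttl = ttl_seconds
        self._clock = clock
        self._pending = {}  # token -> (user, expiry time)

    def issue(self, user):
        """HTTPS side, after a successful login: mint an unguessable token."""
        token = secrets.token_urlsafe(32)
        self._pending[token] = (user, self._clock() + self._ttl)
        return token

    def redeem(self, token):
        """HTTP side: swap the token for (user, new_plain_session_id).

        Returns None for unknown, already-used or expired tokens. The
        session id minted here is separate from the HTTPS session cookie,
        which keeps its Secure flag and is never sent over plain HTTP.
        """
        entry = self._pending.pop(token, None)  # pop: a token works only once
        if entry is None:
            return None
        user, expiry = entry
        if self._clock() > expiry:
            return None
        return user, secrets.token_urlsafe(32)


def handoff_redirect(plain_host, token):
    """Build the redirect target on the non-SSL site (assumed URL layout)."""
    return "http://%s/?%s" % (plain_host, urlencode({"handoff": token}))


if __name__ == "__main__":
    store = HandoffStore()
    tok = store.issue("alice")                      # constructed sample user
    print(handoff_redirect("www.domain_one.com", tok))
    print(store.redeem(tok))                        # (user, new session id)
    print(store.redeem(tok))                        # None: replay is refused
```

The token crosses the network in cleartext once, which is why it is single-use and short-lived; the plain-site session it produces should carry no more privilege than that site needs.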