Actually, virtual host headers can be used for SSL as well. In the HTTP request below, the line "Host: www.microsoft.com" is what selects the actual site.
```
GET / HTTP/1.1
Host: www.microsoft.com
User-Agent: Windows-RSS-Platform/1.0 (MSIE 7.0; Windows NT 5.1)
MSIE /7.0
Accept: */*
Accept-Language: de-de,de;q=0.8,en-us;q=0.5,en;q=0.3
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 300
Connection: keep-alive
Cookie: secret authentication token 12345
```
When SSL is used, the certificate only states that one IP maps to a single hostname (wildcards for a domain).
Reverse DNS mapping of IP addresses cannot occur for more than one IP address without error, but SSL (and TLS) do not actually mandate reverse PTR records.
The issue, and the reason some sites do not allow it, is that multiple certificates can be stored on a single server, so if one virtual server is compromised through a poorly configured web app, many sites can be compromised.
So, it is possible to use SSL on a virtual server with one IP, but it is not always recommended (especially if the server is shared and you could risk losing control of your certificate keys).
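The following is an added example, not part of the original post: a small audit that checks which name-based virtual hosts on one IP are covered by the single certificate served there, using the common browser rule that a wildcard stands for exactly one leftmost label. All hostnames, certificate names and the sample request are constructed, and the function names are hypothetical.

```python
# Added example. Assumption: one certificate is served for every site on the IP.

def name_matches(pattern: str, host: str) -> bool:
    """Match a certificate DNS name against a requested host name.

    A wildcard is honoured only as the whole leftmost label and
    stands for exactly one label ("*.example.test" covers
    "www.example.test" but not "a.b.example.test" or "example.test").
    """
    p_labels = pattern.lower().rstrip(".").split(".")
    h_labels = host.lower().rstrip(".").split(".")
    if len(p_labels) != len(h_labels) or "" in h_labels:
        return False
    if p_labels[0] == "*":
        # Refuse overly broad names such as "*.test".
        return len(p_labels) >= 3 and p_labels[1:] == h_labels[1:]
    return "*" not in pattern and p_labels == h_labels


def host_from_request(raw_request: str) -> str:
    """Return the Host header value (port stripped) of a raw HTTP/1.1 request."""
    for line in raw_request.splitlines()[1:]:
        if not line.strip():
            break  # blank line ends the header section
        name, _, value = line.partition(":")
        if name.strip().lower() == "host":
            return value.strip().split(":")[0]
    raise ValueError("request has no Host header")


def audit_vhosts(cert_names, vhosts):
    """Map each virtual host to True if the shared certificate covers it."""
    return {v: any(name_matches(n, v) for n in cert_names) for v in vhosts}


# Constructed sample data.
CERT_NAMES = ["*.example.test", "example.test"]
VHOSTS = ["www.example.test", "shop.example.test", "example.test",
          "a.b.example.test", "www.other.test"]
REQUEST = "GET / HTTP/1.1\r\nHost: www.other.test:443\r\nAccept: */*\r\n\r\n"

if __name__ == "__main__":
    for host, covered in audit_vhosts(CERT_NAMES, VHOSTS).items():
        print(f"{host:20} {'covered' if covered else 'NAME MISMATCH'}")
    requested = host_from_request(REQUEST)
    print(requested, "->", audit_vhosts(CERT_NAMES, [requested])[requested])
```

Hosts reported as a mismatch would produce a certificate name warning in the client, which is the case where a shared IP needs either a certificate listing every site or a separate address per site.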