Would it be hard to make different listener addresses present different server certificates, signed by different CA certificates? (I'm sure I've asked someone on that before, but don't remember if it was this list.) -- Hallvard