My understanding of wildcard certs is that I can get *.mydomain.com to be secured. Will that same certificate work for the server's IP address like https://126.96.36.199 as well, or is this simply not possible? (I wouldn't mind purchasing a second normal cert if I needed to.) Will most browsers display any warning messages when using the IP as the host?
For that matter, what is the scoop on browser compatibility with wildcard certs overall? I have heard that they work perfectly fine with around 90% of all SSL-enabled browsers, and approximately 9% of all ssl browsers will display a warning message. The last 1% (of normally ssl-enabled browsers) I guess just can't work with them no matter what? Do these numbers seem accurate?
Also, I hope some people who resell colocated webserver hosting might be able to give their thoughts and/or experiences using shared SSL. Do you use the wildcard method and allow everyone to use https://theirdomain.com.yourwebhost.com? Or do you give them https://secure.yourwebhost.com/~user/, or perhaps both?
To be honest, they both look terribly unprofessional (for the user's customers that is). The first subdomain one probably wouldn't be so bad if it didn't have to have two dot-coms in it. I suppose I could just lop off the tld extension, as the probability of one customer on my site having somedomain.com and another customer having somedomain.net/org/ws/etc at the same time is as good as zero (although the probability that some thief tries to use this method to rip off the original owner is pretty darn reasonable).
There is no right answer to the question above about whether to use the wildcard method or to append a ~user to the end of the shared SSL. Wildcard certs cost more than a regular cert, but look slightly better. If you're offering shared SSL, it's probably due to price. But certs are not that expensive these days and anyone who is serious about SSL for their site should get their own cert. I don't offer shared SSL to my clients - I tell them to do it right and buy their own cert.
We were going to offer certs for $89/yr or whatever, but then we realized you just can't do it on a colocated host. We can't give an IP per account. They would need their own dedicated server, which are not so cheap.
Your data center should be able to provide additional IP addresses for your server (for a small price, most likely). Some data centers require that you "justify" the IP usage, which would be no problem in the case of SSL certificates.