I think the way to do it is to host a secure site on a shared domain name (eg mywebhost-secure.com) and then place the secure parts of your customer's sites in there as subdirectories (or subdomains, with a wildcard SSL certificate). If you create symlinks from your customer's ssl directory they won't notice any difference as long as you get the security right.
Doing this gets round the problem where the cert name doesn't match the site name, but browsers would see the secure url instead of the site they came from. If you name the subdirectory right, it'll be obvious what's happening - eg a visitor to 'mysite.com' gets redirected to the secure pages of mysite.com, it'd show up as 'securehost.com/mysite' instead.
I think that's the best you can do, you cannot share SSL certificates on a single IP as the encryption has to happen before apache can tell which vhost the browser is looking for, hence its 1 cert to each IP address only.
Do not meddle in the affairs of Dragons, for you are crunchy and taste good.