Content Delivery Networks use Wildcard DNS and a Wildcard SSL cert to deliver content over SSL.

Look at the cloudfront.net setup. Typically a {14 character log36 name}.cloudfront.net

something like:

https://d36vh9gkg2fz...oudfront.net/home

That is a wildcard DNS name being served by a vhost and the DNS name resolving to a batch of closely GeoLocated IP Addresses.

greg@maxime:~/iso [6] $ dig d36vh9gkg2fzwi.cloudfront.net

[snip]

;; QUESTION SECTION:

;d36vh9gkg2fzwi.cloudfront.net.	IN	A



;; ANSWER SECTION:

d36vh9gkg2fzwi.cloudfront.net. 60 IN	CNAME	d36vh9gkg2fzwi.iad2.cloudfront.net.

d36vh9gkg2fzwi.iad2.cloudfront.net. 60 IN A	216.137.33.140

d36vh9gkg2fzwi.iad2.cloudfront.net. 60 IN A	216.137.33.143

d36vh9gkg2fzwi.iad2.cloudfront.net. 60 IN A	216.137.33.165

d36vh9gkg2fzwi.iad2.cloudfront.net. 60 IN A	216.137.33.217

d36vh9gkg2fzwi.iad2.cloudfront.net. 60 IN A	216.137.33.245

d36vh9gkg2fzwi.iad2.cloudfront.net. 60 IN A	216.137.33.14

d36vh9gkg2fzwi.iad2.cloudfront.net. 60 IN A	216.137.33.47

d36vh9gkg2fzwi.iad2.cloudfront.net. 60 IN A	216.137.33.67



;; AUTHORITY SECTION:

iad2.cloudfront.net.	97099	IN	NS	ns-iad2-01.cloudfront.net.

iad2.cloudfront.net.	97099	IN	NS	ns-iad2-02.cloudfront.net.

[snip]

Its just works right now. Since IE 7+ and most other browsers recognize Wildcard SSL certs... its simple now.


A little background... since in 2003 Wildcard DNS was a fairly new concept and really wasn't treated very well by browsers or by anything and was pushed by Apache Software Foundation and MASS hosting providers... but really didn't matter for SMTP... smtp was the only well known services to be able to handle pattern based mail hosts and quite effectively in that regard...

So, it makes sense its was thought of only for MX records.

but its was on the ASF and MASS providers that it fionally made it into DNS and browsers supporting wildcard SSL certs.