I'd like to make setting up new subdomains easy (at least for the development side), and getting one wildcard cert, setting up a wildcard DNS (which is done and works great) and setting up SNI (Server Name Indication) seems like it would work for our HTTPS testing, but googling around I haven't found any good instructions. Is this even possible? Everything I've read about SNI says you need to set up a cert for every site and that SNI just makes it possible to deliver a different cert depending on the hostname.
If you have a wildcard certificate you can do name-based virtual hosting just like you do without SSL.
When negotiating an SSL connection, your web server needs to select a certificate BEFORE any http protocol headers have been received -- which means that, without SNI, Apache can't select between multiple name-based virtual hosts. This is why in the past you needed a separate ip address for every virtual host hosted on your system. Using SNI, the client is able to provide the server with the name of the host to which it wishes to connect. This allows the server to select the appropriate virtual host configuration, and hence the appropriate certificate.
If you're using a wildcard certificate, you sidestep this problem as long as all of your virtual hosts share a common parent domain. In this case, SNI is unnecessary. Because the certificate is valid for any of your hosts, there's no requirement that your web server is able to identify the appropriate virtual host at the beginning of the SSL negotiation...which means you can use the HTTP headers to identify the host, and proceed with normal name-based virtual hosting.
Using Apache, your configuration would look something like this:
We've been running this sort of configuration in a production situation for a few years now without problems.
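The answer's condition that all virtual hosts "share a common parent domain" is stricter than it sounds: browsers apply the wildcard rules of RFC 6125, so `*.example.com` covers `app.example.com` but neither the bare `example.com` nor `a.b.example.com`. The following script, an added example that is not part of the original answer, checks a list of planned `ServerName` values against the names in a shared certificate and flags the ones that would fail hostname verification. The certificate names and virtual host names are constructed sample data, and the cert would be expected to carry the apex as a second SAN if it is also served.

```python
"""Check which name-based virtual hosts one wildcard certificate actually covers.

Added example, not from the original answer. The matching rules follow
RFC 6125 section 6.4.3 as browsers apply them: the wildcard must be the
entire left-most label and stands for exactly one label, so "*.example.com"
covers "www.example.com" but neither "example.com" nor "a.b.example.com".
All hostnames and certificate names below are constructed sample data.
"""


def name_matches(pattern: str, hostname: str) -> bool:
    """Return True if a certificate name (possibly a wildcard) matches hostname."""
    pattern = pattern.lower().rstrip(".")
    hostname = hostname.lower().rstrip(".")
    if "*" not in pattern:
        return pattern == hostname
    p_labels = pattern.split(".")
    h_labels = hostname.split(".")
    # The wildcard is only allowed as the whole left-most label ("*.example.com").
    if p_labels[0] != "*" or any("*" in label for label in p_labels[1:]):
        return False
    # Refuse wildcards that would cover an entire TLD or bare suffix ("*.com", "*").
    if len(p_labels) < 3:
        return False
    # The wildcard stands for exactly one non-empty label, never zero or several.
    if len(h_labels) != len(p_labels) or not h_labels[0]:
        return False
    return h_labels[1:] == p_labels[1:]


def cert_covers(san_names: list[str], hostname: str) -> bool:
    """True if any subjectAltName in the certificate is valid for hostname."""
    return any(name_matches(name, hostname) for name in san_names)


def check_vhosts(san_names: list[str], vhosts: list[str]) -> dict[str, bool]:
    """Map each configured ServerName to whether the shared cert is valid for it."""
    return {vhost: cert_covers(san_names, vhost) for vhost in vhosts}


# Constructed sample certificate: one wildcard plus the parent domain as a second SAN.
SAN_NAMES = ["*.dev.example.com", "dev.example.com"]

# Constructed sample virtual hosts someone might add to the same Apache instance.
VHOSTS = [
    "app.dev.example.com",     # covered by the wildcard
    "api.dev.example.com",     # covered by the wildcard
    "dev.example.com",         # covered only because it is an explicit SAN
    "v2.api.dev.example.com",  # one label too deep: browser will show a mismatch
    "example.com",             # different parent domain: not covered
]

if __name__ == "__main__":
    for host, ok in check_vhosts(SAN_NAMES, VHOSTS).items():
        status = "covered" if ok else "MISMATCH - needs its own cert or SAN"
        print(f"{host:26s} {status}")
```

Run this before adding a deeper subdomain to a wildcard setup; a host that reports a mismatch will be served the shared certificate anyway (the server does not check), and clients will reject the connection.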