I want to support SSL for clients which lack of SNI support (IE/FF/Safari on win XP, Android < 2.2, and others).
The solution I picked was to have nginx listen on separate port for each certificate.
Question is: Is there other way to solve this, or was I doing all right?
That is one way to solve it, but if it's a good way can be up for discussion. A lot of limited networks can only access port 80 and 443, making it impossible for those users to reach your content.
The way to solve it would be to have multiple IP addresses and have one certificate on each.
Another solution would be to use UCC SSL Certificate. I don't know how many domains you want to secure and if you often make changes to that, but Comodo offers those.
That's basically correct if you're limited to one IP address.
If you can use multiple IP addresses, then it would be better to bind to the standard HTTPS port on each IP. The browser address bar will look less strange to an average user in this case, if that's a concern.