Another option is to use a non-default port for the second SSL binding... you'll have to use URLs of the form
https://foo.com:1337/ but the security will be preserved.
That's not what I'm after though.
My cert is for "foo.com", and that's it. Yet people expect websites to be at "www.foo.com". The same virtual server serves requests for both "foo.com" and "www.foo.com". Since the host-headers are different than the cert my visitors get a warning.
I'm trying to eradicate the warning I can get a second SSL for "www.foo.com" in addition to my cert for "foo.com", but I can't see if/where/how IIS supports multiple certs per single instance of a virtual server.