I have set up WebVPN with an SSL certificate on an ASA5510, which has worked fine for a while. However, we need to have a second portal on the same machine. I've configured this with the use of the group-url statement in the tunnel-group. Now I need to install a second SSL certificate for the second URL. How is this to be done? I guess I should create a new trustpoint for the second certificate, but afaik I can only attach 1 trustpoint to the outside interface.
It's complicated; in theory you can configure another interface, enable webvpn on it, and enable another trustpoint on the other interface.
You can enroll (AFAIR) with different RSA keys based on label.
However, in such a scenario (two public interfaces) you would face a problem with routing.
Honestly, I don't want to go through all the RFCs to see if it's allowed, but I believe that (conceptually speaking) one certificate with CN (for primary domain) + SANs (for any alternate domain) would work OK.
I briefly read the RFC and I don't see anything that would prohibit using SAN in this case.
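Added example, not part of the thread: a check that a single certificate covers both portal hostnames, taking the certificate in the dict form returned by Python's `ssl.SSLSocket.getpeercert()`. It applies the RFC 2818 / RFC 6125 rule that a client consults the CN only when the certificate carries no DNS SAN entries, so the primary name has to appear in the SAN list as well. The hostnames and certificate contents are constructed sample values.

```python
"""Which portal hostnames does one certificate cover? (added example)"""

def _dns_sans(cert):
    # DNS entries of subjectAltName, as getpeercert() reports them
    return [v.lower() for kind, v in cert.get("subjectAltName", ()) if kind == "DNS"]

def _common_names(cert):
    return [v.lower() for rdn in cert.get("subject", ())
            for key, v in rdn if key == "commonName"]

def _matches(pattern, host):
    p = pattern.rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        # wildcard is honoured only as the whole left-most label
        return len(p) > 2 and p[1:] == h[1:]
    return p == h

def uncovered_names(cert, hostnames):
    """Return the hostnames a client would reject for this certificate."""
    sans = _dns_sans(cert)
    # CN is a fallback only when no DNS SAN is present
    candidates = sans if sans else _common_names(cert)
    return [h for h in hostnames if not any(_matches(c, h) for c in candidates)]

# Constructed sample data: two WebVPN portal names on one interface
PORTALS = ["vpn.example.com", "partners.example.com"]

# CN = primary name, SAN = alternate name only
CN_PLUS_ALT = {
    "subject": ((("commonName", "vpn.example.com"),),),
    "subjectAltName": (("DNS", "partners.example.com"),),
}
# Same CN, but both names listed in the SAN extension
BOTH_IN_SAN = {
    "subject": ((("commonName", "vpn.example.com"),),),
    "subjectAltName": (("DNS", "vpn.example.com"),
                       ("DNS", "partners.example.com")),
}

if __name__ == "__main__":
    for label, cert in (("CN + alternate SAN", CN_PLUS_ALT),
                        ("both names in SAN", BOTH_IN_SAN)):
        print(label, "->", uncovered_names(cert, PORTALS) or "all covered")
```

Running the same function over the dict from a live `getpeercert()` call against each portal URL confirms the installed trustpoint serves a certificate valid for both names.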