server-wide, wildcard, generic, shared SSL - why is it so hard?

[aww]

I want to create and use a generic (openssl) ssl cert that the entire apache server can use for any domain, any subdomain, just as a switchover to port 443 with encryption.

I don't care about browser warnings, this is for advanced users who know how to accept.

I don't want a domain name or the server host name to be in the certificate, this is easy to create via openssl but impossible to get cpanel to accept.

I can do this in 2 minutes on nginx or litespeed, but with cpanel it's a nightmare of trial and error.

I've googled this to death, I don't like the hacks and old advice from pre-11 versions of cpanel.

If WHM can do this with it's own generic SSL cert, why can't I make cpanel do this with apache?

Thanks for any advice. Doing this at the shell level if possible is fine.

[aww]

Any chance 11.32 has some improvements to wildcard shared ssl?

Maybe a wrapper or reverse proxy could be used for port 443 to apache that cpanel would manage.

That way examplesharedssl.blah could be a certificate for any domain on the server and still be routed correctly without tilde and openbase_dir hacks.