diff --git a/ssl/provision_ssl.drush.inc b/ssl/provision_ssl.drush.inc
index 01574ce9e15c7eb7c9e10b6605e37ecc56634e1a..2c7ce1feb495f55c5eea3bb2c18a4e131ef5bd0f 100644
--- a/ssl/provision_ssl.drush.inc
+++ b/ssl/provision_ssl.drush.inc
@@ -26,7 +26,19 @@ function provision_ssl_provision_apache_vhost_config($url, $options) {
       $newoptions['site_port'] = 80;
       _provision_apache_create_config($url . '_80', $newoptions, _provision_apache_redirect_template());
     }
-    return array("php_value session.cookie_secure 1", "SSLEngine On");
+    $lines = array("php_value session.cookie_secure 1", "SSLEngine On");
+    // we make sure it is set to keep default behaviour (ie. if unset,
+    // it is yes)
+    if (isset($options['ssl_wildcard']) && !$options['ssl_wildcard']) {
+      $ssl_dir = drush_get_option('config_path') . "/ssl.d/";
+      if (file_exists("$ssl_dir/$url.crt") && file_exists("$ssl_dir/$url.key")) {
+        $lines[] = "SSLCertificateFile " . "$ssl_dir/$url.crt";
+        $lines[] = "SSLCertificateKeyFile " . "$ssl_dir/$url.key";
+      } else {
+        drush_log(dt("cannot find SSL certificates %cert or %key, using server-wide wildcard", array('%cert' => "$ssl_dir/$url.crt", '%key' => "$ssl_dir/$url.key")));
+      }
+    }
+    return $lines;
   } else {
     return NULL;
   }
diff --git a/ssl/verify.provision.inc b/ssl/verify.provision.inc
index 626eb34f3fc34e5b799016b680ae0ae7e3669f70..66d541d9bc932ba03fdc87fd4c517b3c97439935 100644
--- a/ssl/verify.provision.inc
+++ b/ssl/verify.provision.inc
@@ -5,5 +5,6 @@
 function drush_provision_ssl_post_provision_verify($url = NULL) {
   if (PROVISION_CONTEXT_SITE) {
     drush_set_option('ssl', drush_get_option('ssl'), 'site');
+    drush_set_option('ssl_wildcard', drush_get_option('ssl_wildcard'), 'site');
   }
 }