Forum Discussion
Multiple virtual servers with same IP and port but different certificates
Yes, with SNI (Server Name Indicator). This is an extension to the TLS protocol where the client includes a server name attribute in its CLIENTHELLO message, the first message in an SSL/TLS handshake. As of v11, the BIG-IP supports SNI where you can add multiple client SSL profiles to the VIP. Basically, create each client SSL profile, assign each a cert and key, and specify the server name value that matches the subject name value of the assigned cert. You can optionally make one of those profiles the "default" if the client doesn't support TLS. The downside of this, as I've alluded, is that the clients must support TLS, which precludes Windows XP/IE6 and earlier.