Windows Server 2008 R2 does not allow us to add a binding to the same port twice. Additionally, you cannot select a different SSL certificate for a web app that is configured with https. To do so, you have to add another IP address on the server, add a binding on that IP, and use a different SSL cert with it. I saw people using a command-line utility like appcmd, but frankly the syntax was pretty rough to use. So I tried with PowerShell, and I was able to make a script that allows you to add or remove a binding as required.

I used the script below when I configured SharePoint-hosted apps in a Windows Server 2008 R2 environment where apps are configured to use a different app domain. The customer was getting a certificate error, so they wanted to use a different SSL cert on the App Web (No Host Header Web Application). As I said before, you just need an additional IP address on the WFEs and then add a binding with * on that IP. You can then remove the default binding using the same PowerShell script.
```powershell
Import-Module WebAdministration

Get-Website   # Note the web application name
$ADFSApp = Get-Website -Name "NoHostHeader"

New-WebBinding -Name "NoHostHeader" -Protocol https -Port 443 -HostHeader "*" -IPAddress 35.0.0.11

# List the bindings of the web app
Get-WebBinding -Name "NoHostHeader" | Select *

# Remove the default binding
Remove-WebBinding -Name "NoHostHeader" -BindingInformation "*:443:"
```
You can change the commands the way you want. Do not try to modify the values of the https binding from the UI, as the changes apply to all web applications. Be careful. The script only targets one web app, so it is safe to execute.
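The same binding swap with the certificate assignment and pre-checks included, as an added example that is not part of the original script. The site name and IP are the values used above; the thumbprint is a placeholder, and the example assumes the certificate is already installed in the LocalMachine\My store.

```powershell
# Added example (not from the original post). Re-runnable: each step checks state first.
Import-Module WebAdministration

$siteName   = "NoHostHeader"                      # site name from the post
$ip         = "35.0.0.11"                         # additional IP from the post
$port       = 443
$thumbprint = "<THUMBPRINT-OF-APP-DOMAIN-CERT>"   # placeholder, replace with your own

# 1. The IP must already be assigned to a NIC on this server.
$localIps = [System.Net.NetworkInformation.NetworkInterface]::GetAllNetworkInterfaces() |
    ForEach-Object { $_.GetIPProperties().UnicastAddresses } |
    ForEach-Object { $_.Address.ToString() }
if ($localIps -notcontains $ip) { throw "IP $ip is not assigned to this server." }

# 2. The certificate must exist, carry a private key, and be inside its validity period.
$cert = Get-Item "Cert:\LocalMachine\My\$thumbprint" -ErrorAction Stop
if (-not $cert.HasPrivateKey) { throw "Certificate has no private key." }
$now = Get-Date
if ($cert.NotBefore -gt $now -or $cert.NotAfter -lt $now) { throw "Certificate is not currently valid." }

# 3. Add the https binding on the new IP only if the site does not have one yet.
$existing = Get-WebBinding -Name $siteName -Protocol https |
    Where-Object { $_.bindingInformation -like "${ip}:${port}:*" }
if (-not $existing) {
    New-WebBinding -Name $siteName -Protocol https -Port $port -HostHeader "*" -IPAddress $ip
}

# 4. Attach the certificate to this IP:port pair only. The wildcard
#    0.0.0.0:443 SSL binding used by the other web applications is not touched.
$sslPath = "IIS:\SslBindings\$ip!$port"
if (-not (Test-Path $sslPath)) {
    $cert | New-Item $sslPath | Out-Null
}

# 5. Remove the site's default binding only after the new binding is confirmed.
$confirmed = Get-WebBinding -Name $siteName -Protocol https |
    Where-Object { $_.bindingInformation -like "${ip}:${port}:*" }
$default = Get-WebBinding -Name $siteName -Protocol https |
    Where-Object { $_.bindingInformation -eq "*:${port}:" }
if ($confirmed -and $default) {
    Remove-WebBinding -Name $siteName -BindingInformation "*:${port}:"
}

# Final state: the site's bindings and the certificate hash bound to each IP:port.
Get-WebBinding -Name $siteName | Select-Object protocol, bindingInformation
Get-ChildItem IIS:\SslBindings | Select-Object IPAddress, Port, Thumbprint
```

Comparing the `Thumbprint` column of the last command against the certificate you intended for each IP confirms that the new certificate is served only on the added address.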