In order to guarantee that the site to which the user wanted to connect is actually the site to which the browser connected, TLS compares the user entered host part of the URI with the common name (CN) from the server provided certificate. Should the comparison fail, the browser will warn the user that there is something wrong with the certificate of the site.
Due to the fact that this comparison is done in the early stages of the TLS negotiation, the client receives the server's CN before information which is required to implement virtual hosting (such as the  "host" header) is sent to the server. Therefore, it is impossible to implement secure virtual hosting without having the browser warn the user.
An extension to TLS called Server Name Indication (SNI) addresses this issue by sending the name of the virtual host as part of the TLS negotiation. This enables the server to "switch" to the correct virtual host early and present the browser with the certificate containing the correct CN.