I've some trouble with nested subdomain and wildcard openssl certificate.. possibly the reason being the subdomain type is : site1.parisgeo.cnrs.fr, or site2.parisgeo.cnrs.fr, or any other subdomain like xxxx.parisgeo.cnrs.fr

After i produce the self signed certificate, i enter CN = *.parisgeo.cnrs.fr, but it is appears you can't really connect on this website for instance partage.parisgeo.cnrs.fr with this particular configuration ! Arg.

My virtualhost and my apache2 conf work without any wildcard cerficate, so the issue is not here' think :

The main harbour.conf

 NameVirtualHost *:443
 Listen 443

A good example virtualhost i've :

<VirtualHost *:443>
  ServerName partage.parisgeo.cnrs.fr
  ServerAlias www.partage.parisgeo.cnrs.Fr

  DocumentRoot /var/www/owncloud

        <Directory /var/www/owncloud>
                Options -Indexes FollowSymLinks MultiViews
                AllowOverride All
                Order allow,deny
                Allow from all

   SSLEngine on

   SSLCertificateFile    /etc/ssl/parisgeo.cnrs.fr.crt
   SSLCertificateKeyFile /etc/ssl/parisgeo.cnrs.fr.key

I generate my certificate such as this (CN = *.parisgeo.cnrs.fr) :

openssl genrsa -des3 -out ca.key 2048
openssl req -new -x509 -days 3650 -key ca.key -out ca.crt
openssl req -newkey rsa:1024 -nodes -keyout parisgeo.cnrs.fr.key -out parisgeo.cnrs.fr.csr

openssl x509 -req -days 3650 -in parisgeo.cnrs.fr.csr -CA ca.crt -CAcreateserial  -CAkey ca.key -out parisgeo.cnrs.fr.crt

The best for my generate key file :

-rw-r--r-- 1 root root      1424 14 déc.  11:51 ca.crt
-rw-r--r-- 1 root root      1743 14 déc.  11:50 ca.key
-rw-r--r-- 1 root root        17 14 déc.  12:13 ca.srl
-rw-r--r-- 1 root root       981 14 déc.  12:13 parisgeo.cnrs.fr.crt
-rw-r--r-- 1 root root       627 14 déc.  12:08 parisgeo.cnrs.fr.csr
-rw-r--r-- 1 root root       891 14 déc.  12:08 parisgeo.cnrs.fr.key

After i attempt to connect and try out the certificate with openssl :

root@xxxx:/etc/ssl# openssl s_client -connect partage.parisgeo.cnrs.fr:443 
depth=0 /C=FR/ST=IDF/L=PARIS/O=CNRS/CN=*.parisgeo.cnrs.fr
verify error:num=18:self signed certificate
verify return:1
depth=0 /C=FR/ST=IDF/L=PARIS/O=CNRS/CN=*.parisgeo.cnrs.fr
verify return:1
Certificate chain
 0 s:/C=FR/ST=IDF/L=PARIS/O=CNRS/CN=*.parisgeo.cnrs.fr
Server certificate
..... blabla .....
No client certificate CA names sent
SSL handshake has read 1253 bytes and written 319 bytes
New, TLSv1/SSLv3, Cipher is DHE-RSA-AES256-SHA
Server public key is 1024 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
    Protocol  : TLSv1
    Cipher    : DHE-RSA-AES256-SHA
    Session-ID: 7642C70A1E358CAA5901C060A26655DE3AF0BA683C9A598BA7C4B14FF108ADD7
    Master-Key: 65184165198498498484 6516511321584831181468469431688132138498
    Key-Arg   : None
    Start Time: 1323862629
    Timeout   : 300 (sec)
    Verify return code: 18 (self signed certificate)

The opera error after i attempt to connect with the website is :

An error occurred during a connection to partage.parisgeo.cnrs.fr.
Peer's certificate has an invalid signature.
(Error code: sec_error_bad_signature)

For those who have any idea that helped me to solving this issue .. Thanks ! SR.