OpenSSL and apache2 wildcard self-signed certificate for nested subdomain

Hello users :)
I'll try to ask a "smart" question about my problem...

I have a problem with nested subdomains and a wildcard OpenSSL certificate. Perhaps (I don't know) this is because the subdomain type is: site1.parisgeo.cnrs.fr, or site2.parisgeo.cnrs.fr, or another subdomain like xxxx.parisgeo.cnrs.fr

When I create the self-signed certificate, I enter CN = *.parisgeo.cnrs.fr, but it seems it's impossible to connect to a site such as partage.parisgeo.cnrs.fr with this configuration! Arg.

My virtualhost and my apache2 conf work without a wildcard certificate, so I think the problem is not there:

The port.conf

 NameVirtualHost *:443
 Listen 443

An example virtualhost I have:

<VirtualHost *:443>
  ServerName partage.parisgeo.cnrs.fr
  ServerAlias www.partage.parisgeo.cnrs.Fr

  DocumentRoot /var/www/owncloud

        <Directory /var/www/owncloud>
                Options -Indexes FollowSymLinks MultiViews
                AllowOverride All
                Order allow,deny
                Allow from all
        </Directory>

   SSLEngine on

   SSLCertificateFile    /etc/ssl/parisgeo.cnrs.fr.crt
   SSLCertificateKeyFile /etc/ssl/parisgeo.cnrs.fr.key
   </VirtualHost>

I generate my certificate like this (CN = *.parisgeo.cnrs.fr):

openssl genrsa -des3 -out ca.key 2048
openssl req -new -x509 -days 3650 -key ca.key -out ca.crt
openssl req -newkey rsa:1024 -nodes -keyout parisgeo.cnrs.fr.key -out parisgeo.cnrs.fr.csr

openssl x509 -req -days 3650 -in parisgeo.cnrs.fr.csr -CA ca.crt -CAcreateserial  -CAkey ca.key -out parisgeo.cnrs.fr.crt

The rights on my generated key files:

-rw-r--r-- 1 root root      1424 14 déc.  11:51 ca.crt
-rw-r--r-- 1 root root      1743 14 déc.  11:50 ca.key
-rw-r--r-- 1 root root        17 14 déc.  12:13 ca.srl
-rw-r--r-- 1 root root       981 14 déc.  12:13 parisgeo.cnrs.fr.crt
-rw-r--r-- 1 root root       627 14 déc.  12:08 parisgeo.cnrs.fr.csr
-rw-r--r-- 1 root root       891 14 déc.  12:08 parisgeo.cnrs.fr.key

When I try to connect and test the certificate with openssl:

root@xxxx:/etc/ssl# openssl s_client -connect partage.parisgeo.cnrs.fr:443 
CONNECTED(00000003)
depth=0 /C=FR/ST=IDF/L=PARIS/O=CNRS/CN=*.parisgeo.cnrs.fr
verify error:num=18:self signed certificate
verify return:1
depth=0 /C=FR/ST=IDF/L=PARIS/O=CNRS/CN=*.parisgeo.cnrs.fr
verify return:1
---
Certificate chain
 0 s:/C=FR/ST=IDF/L=PARIS/O=CNRS/CN=*.parisgeo.cnrs.fr
   i:/C=FR/ST=IDF/L=PARIS/O=CNRS/CN=*.parisgeo.cnrs.fr
---
Server certificate
 ----BEGIN CERTIFICATE-----
..... blabla .....
-----BEGIN CERTIFICATE-----
subject=/C=FR/ST=IDF/L=PARIS/O=CNRS/CN=*.parisgeo.cnrs.fr
issuer=/C=FR/ST=IDF/L=PARIS/O=CNRS/CN=*.parisgeo.cnrs.fr
---
No client certificate CA names sent
---
SSL handshake has read 1253 bytes and written 319 bytes
---
New, TLSv1/SSLv3, Cipher is DHE-RSA-AES256-SHA
Server public key is 1024 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
SSL-Session:
    Protocol  : TLSv1
    Cipher    : DHE-RSA-AES256-SHA
    Session-ID: 7642C70A1E358CAA5901C060A26655DE3AF0BA683C9A598BA7C4B14FF108ADD7
    Session-ID-ctx: 
    Master-Key: 65184165198498498484 6516511321584831181468469431688132138498
    Key-Arg   : None
    Start Time: 1323862629
    Timeout   : 300 (sec)
    Verify return code: 18 (self signed certificate)
---
closed

The Firefox error when I try to connect to the site is:

An error occurred during a connection to partage.parisgeo.cnrs.fr.
Peer's certificate has an invalid signature.
(Error code: sec_error_bad_signature)

If you have any idea to help me resolve this problem...
Thanks a lot! SR.
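
Added example, not part of the original post: in the s_client output above, subject and issuer are the same DN although the certificate was signed with a separate ca.key, so verifiers treat it as self-signed. The script below builds the post's wildcard certificate twice, once under a CA with that same DN and once under a CA with its own DN, and checks each for the collision. The CA name "Example Test CA", the temp directory and the file names are assumptions.

```shell
#!/bin/sh
# Added example, not from the original post. "Example Test CA" and the temp
# directory layout are constructed; the wildcard DN is the one from the post.
LEAF_SUBJ='/C=FR/ST=IDF/L=PARIS/O=CNRS/CN=*.parisgeo.cnrs.fr'

# make_pair CA_SUBJECT DIR: create a CA and a wildcard certificate signed by it.
make_pair() {
    ca_subj=$1; d=$2
    (
        umask 077   # keep the private keys readable by the owner only
        openssl req -x509 -newkey rsa:2048 -nodes -days 30 -subj "$ca_subj" \
            -keyout "$d/ca.key" -out "$d/ca.crt" 2>/dev/null &&
        openssl req -newkey rsa:2048 -nodes -subj "$LEAF_SUBJ" \
            -keyout "$d/leaf.key" -out "$d/leaf.csr" 2>/dev/null &&
        # current clients match host names against subjectAltName, not CN
        printf 'subjectAltName=DNS:*.parisgeo.cnrs.fr\n' > "$d/ext.cnf" &&
        openssl x509 -req -days 30 -in "$d/leaf.csr" -CA "$d/ca.crt" \
            -CAkey "$d/ca.key" -CAcreateserial -extfile "$d/ext.cnf" \
            -out "$d/leaf.crt" 2>/dev/null
    )
}

# dn_collision CERT: exit 0 when subject and issuer are the same DN.
dn_collision() {
    s=$(openssl x509 -in "$1" -noout -subject_hash) &&
    i=$(openssl x509 -in "$1" -noout -issuer_hash) &&
    [ "$s" = "$i" ]
}

# chain_ok DIR: exit 0 when leaf.crt verifies against ca.crt.
chain_ok() {
    openssl verify -CAfile "$1/ca.crt" "$1/leaf.crt" >/dev/null 2>&1
}

work=$(mktemp -d)
mkdir "$work/same" "$work/distinct"
make_pair "$LEAF_SUBJ" "$work/same"                        # CA DN == leaf DN
make_pair '/C=FR/O=CNRS/CN=Example Test CA' "$work/distinct"

for c in same distinct; do
    if dn_collision "$work/$c/leaf.crt"; then
        echo "$c: subject == issuer, will be treated as self-signed"
    else
        echo "$c: subject != issuer"
    fi
done
chain_ok "$work/distinct" && echo "distinct: chain verifies against ca.crt"
```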

