Tip of the Day: Wildcard SSL subdomain limitation
Recently I had this problem and was surprised by this limitation. The problem is wildcard SSL certificates only support one level of subdomains, i.e *.a.com matches foo.a.com but not bar.foo.a.com (taken from RFC2818, see link below). To support all subdomains beyond foo you would need a wildcard certificate for *.foo.a.com