Wildcard SSL -- help needed please to point the finger
 

[URL="https://post-office.clara.net/"]https://post-office.clara.net/[/URL].

ClaraNET has bought a shiny new wildcard SSL cert, and it doesn't work. OmniWeb-5.8 Revision: 104805 is running a warning sheet "unknown certificate authority"; this is incorrect since Globalsign is a trusted CA, but the main problem is that the Common Name in the cert is *.clara.net . OmniWeb doesn't like it; Firefox 2 doesn't like it; Safari 3.1.2 doesn't like it; MSIE 5.23/Carbon doesn't like it. MSIE7 might work I suppose -- I haven't tried.

So what's up with the cert? Is this a correctly issued'n'configured wildcard SSL cert and all these Mac browsers don't like it because they're using OS-supplied crypto libraries that don't deal with wildcard SSL, or have ClaraNET and/or Globalsign fouled up, or is wildcard SSL just a thoroughly bad idea, ideally not to be touched with a 20ft pole?

You need to install it to OS X using keychain utility. OS X native apps ask the OS itself for certificates. I am not sure about firefox but can speak for icab/omniweb/safari. IE for Mac while being old and insecure asks same location and even installs own certs.
I'd recommend launching keychain access and reading its help. As SSL certs are critical; I can`t post step by step instructions. It is easy though.
Ask Clara guys if you need. They must have instructions or ready made knowledge base.

The problem has gone away by itself. I'm guessing that when the new cert was installed on the server, the mod_ssl Apache directive SSLCertificateChainFile should have been updated, and initially wasn't, which is why clients such as OmniWeb were emitting "unknown certificate authority"-type warning messages; so the problem wasn't with OmniWeb.