Since the wildcard SSL certificates are only one subdomain deep, websites need to have A records or CNAME records in the primary DNS zone, and the VirtualHost record should match. Do NOT ServerAlias to www.* because the certificate will fail ONLY on the iPhone.