Construct it like this: Use a single vserver with the wildcard certificate and create a different pool for each backend (toto, tata and titi respectively).
Then, use Rule Builder to build three request rules that inspect the value of the HTTP "Host" header and select the appropriate pool.
Let us know if this does not make sense and I will pull together a screen shot...
Your setup would look something like this:
Three rules built in Rule Builder; in my example I have a rule for each of www.snrkl.org, webmail.snrkl.org and extranet.snrkl.org. Each rule will look a little like this (obviously the value of the Host header, www.snrkl.org in this example, would match your hostname), and the "Choose Pool" value will map to the pools you created for each application.
Apply all three rules to your HTTP-enabled vserver, and it will look something like this:
Hope that helps.
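The Host-header selection described in the reply above, modelled in Python as an added example (not part of the original post and not the product's rule language). The pool names are hypothetical. It goes beyond the three rules by normalising the header and returning no pool for a name that matches none of them, since a wildcard certificate will also complete TLS for hostnames that have no rule.

```python
import string

# Hostnames are the ones used in the reply; pool names are hypothetical.
HOST_TO_POOL = {
    "www.snrkl.org": "pool-www",
    "webmail.snrkl.org": "pool-webmail",
    "extranet.snrkl.org": "pool-extranet",
}

_ALLOWED = set(string.ascii_lowercase + string.digits + "-.")


def normalize_host(raw):
    """Return the canonical hostname from a Host header value, or None if malformed."""
    if not raw:
        return None
    host = raw.strip().lower()          # hostnames compare case-insensitively
    if ":" in host:                     # optional ":port" suffix
        host, _, port = host.partition(":")
        if not port.isdigit():
            return None
    if host.endswith("."):              # "www.snrkl.org." is the same name
        host = host[:-1]
    if not host or any(c not in _ALLOWED for c in host):
        return None
    return host


def choose_pool(host_header):
    """Exact-match the normalised Host value; None means no rule matched."""
    host = normalize_host(host_header)
    if host is None:
        return None
    # Exact match only: suffix or substring matching would let
    # "www.snrkl.org.other.example" select a pool.
    return HOST_TO_POOL.get(host)


if __name__ == "__main__":
    # Constructed sample Host header values.
    for value in ["www.snrkl.org", "WebMail.SNRKL.org:443",
                  "extranet.snrkl.org.", "admin.snrkl.org", ""]:
        print(repr(value), "->", choose_pool(value))
```

A `None` result is the case to handle deliberately: reject the request or send it to a pool chosen for that purpose, rather than letting it reach one of the three applications.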