>Since SSL certificates are tamper-evident as the cryptographic signature
>is checked against the "root" certificates of the large CAs (Thawte,
>Verisign, Global Trust etc.) this check gives assurance that the
>requesting party is connected to the right host - i.e. you are safe from a
>man-in-the-middle attack.
Sprint PCS's WAP gateway does not give a detailed error message, but does not allow
the connection if the root certificate is not a trusted root CA. We have an
Organizational CA that we generate certificates for internal web sites. The wireless
versions of these sites will not work because Sprint's WAP gw does not trust our
root... We would also rather not pay Verisign every time we decide to bring up a new
intranet/extranet site...
Jeremy Sanders, CCNP CNE
Advanced Systems Engineer
New South Federal Savings Bank
