Re: Many WAP gateways do not properly check SSL certificates

["Jeremy Sanders" <jsanders () newsouthfederal com>]

> Since SSL certificates are tamper-evident as the cryptographic signature
> is checked against the "root" certificates of the large CAs (Thawte,
> Verisign, Global Trust etc.) this check gives assurance that the
> requesting party is connected to the right host - i.e. you are safe from a
> man-in-the-middle attack.

Sprint PCS's WAP gateway does not give a detailed error message, but does not allow the connection if the root 
certificate is not a trusted root CA. We have an Organizational CA that we generate certificates for internal web 
sites. The wireless versions of these sites will not work because Sprint's WAP gw does not trust our root... We would 
also rather not pay Verisign every time we decide to bring up a new intranet/extranet site...

Jeremy Sanders, CCNP CNE
Advanced Systems Engineer
New South Federal Savings Bank