If I recall correctly, we did a pilot of CUMA and we did not have to have a
certificate from Verisign. Since it was a pilot, the customer didn't want to
pay for the cert if it wasn't going to be needed long term. So, we used a
self-signed cert on the ASA. The "problem" or side-effect was that the
mobile users were constantly prompted to state they trusted the cert. In a
way, our hands were tied with respect to trying to make that cosmetic issue
disappear. It was an all BB shop and the admin had tight controls on the
BES.
Regardless, my recollection is that we were able to get away with it but
that if the customer decided to go full bore that we would need to do the
Verisign cert.
HTH.
Regards,
Bill
Please remember to rate helpful posts.