I'd like to see that too. I have never seen an invalid cert that doesn't match the domain NOT prompt you with that information. That is the whole point in having them.
Russ === Dave said I think I'll move on with my life in either case, thanks for asking. I simply wanted you to point out some piece of evidence in favor of the idea that you can present an invalid certificate and have it accepted automatically. I don't want a step-by-step how-to, just some tiny shred of proof. Because, you see, this is really the key part of the discussion. Any idiot can set up an SSL proxy, and users may well go to that and blindly accept its certificate. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Introducing the Fusion Authority Quarterly Update. 80 pages of hard-hitting, up-to-date ColdFusion information by your peers, delivered to your door four times a year. http://www.fusionauthority.com/quarterly Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:255292 Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4