That appears to depend on the client - it certainly doesn't work with Mozilla, and Eudora needs some manual steps that the users seem to have trouble with. OTOH, it _shouldn't_ work automatically; the cert is no more inherently trustworthy than any random one somebody has generated.
Note: I was referring only to situations where the CA cert is not already built into the browser. Otherwise, of course, everything will just work with no fuss as you say.
Craig Ringer
