A CA certificate is downloaded from a WML page (example given below). When the handset receives a special MIME-type (for WTLS CA certificates, this is "application/vnd.wap.wtls-ca-certificate" the handset stores the certificate until the user exits the browser. Once the user has exited the browser, the user has the possibility to see the details (issuer, owner, validity period, etc.), verify the finger print, and possibly store the certificate if (s)he can accept it based on the information provided in the display.
One the server side, it is important that the server is configured to hand out certificates with the correct MIME type. For example, if CA certificates are stored with suffix .cer, then the server should be configured to automatically associate this file suffix witht the "application/vnd.wap.wtls-ca-certificate" MIME-type.
An example of a WML certificate download page:
&lt;!DOCTYPE wml PUBLIC "-//WAPFORUM//DTD WML 1.1//EN" "http://www.wapforum.org/DTD/wml_1.1.xml"&gt;