Be aware though that GeoTrust and Thawte certs don't work[1] on android devices. There are claims that it can be fixed by adding a cross-root cert[2] but for me that didn't work out.
More generally: If you need to support mobile devices then read your CA's compatibility list closely (if you can find it...) and test, test, test. You'd think this shouldn't be an issue anymore in 2012, but it sadly still is.
And that's the "good"/trusted CA. I'm not sure when they made the switch, but I only got this cert issued a couple of months ago.
FWIW, we also support Docomo phones, and that is a huge pain in the ass. The only CA that works there is:
i:/C=US/O=VeriSign, Inc./OU=Class 3 Public Primary Certification Authority
If you don't need to support really old mobile devices, the best certs going are, IMHO, Digicert. They get chained all the way back to Entrust:
1 s:/C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert High Assurance EV CA-1
i:/C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert High Assurance EV Root CA
2 s:/C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert High Assurance EV Root CA
i:/C=US/O=Entrust.net/OU=www.entrust.net/CPS incorp. by ref. (limits liab.)/OU=(c) 1999 Entrust.net Limited/CN=Entrust.net Secure Server Certification Authority
And the company has some of the best customer service going anywhere.
