Could anybody give me a specific scenario, where somebody can get into a
system with a certificate which does not belong to him, when
you turn the "verifycert" parameter "off" on your web server?
(Background: Netscape enterprise webserver, talking to LDAP
on an SSL port, and there is only one trusted CA on the ACL.)

Thanks,