It has a viewable list of X.509s but I want to add my own and can find no mention of how to do so in the documentation.
It will refuse to connect via IMAP over SSL without a well-known signature on the cert, no prompt to accept the cert even!
Filterer: If you have a look at the HTTP accept headers when the phone hits you http server, you should be able to see what kind of mime types it accepts, hopefully one will have the words certificate or x509 in it!
In general, WTLS certificates and X.509 certificates are supported by Nokia devices. However, the answer is product-specific as to whether both are supported and for what purpose.
If a device supports WPKI, the following MIME types are supported: application/vnd.wap.hashed-certificate, application/vnd.wap.signed-certificate, and application/vnd.wap.cert-response (the latter is only supported if private key operations, like WMLScript crypto.signText, are supported in the device). In addition, in the CertResponse content type, the referral method is not supported.