I've been trying to make the /admin webapp supplied with tomcat use my client cert. I've imported my certificate into the tomcat server host's .keystore using -keytool and specifying -trustcacerts. I'm not sure what to put in the web.xml and whether or not I have to put an entry into tomcat-users.xml (I haven't been able to find a tomcat-users.dtd) At present I've got the following in the webapps/admin/web-inf/web.xml: <security-constraint> ... <auth-constraint> <role-name>admin</role-name> </auth-constraint> </security-constraint> <login-config> <auth-method>CLIENT-CERT</auth-method> </login-config> .. and I've added <user name="mycert_alias" password="cert_store_pwd" roles="admin" /> to tomcat-users.xml. When a browser requests the contextAdmin.jsp tomcat returns Error: 401 Location: /admin/contextAdmin/contextAdmin.jsp null Any help or enlightenment much appreciated. Thanks Ron