Does anyone know if its possible to override the default client authentication under HTTPS. If I understand right, the default authentication just verifies that the clients certificate has been signed by somebody in the server's truststore. Is it possible to extend the SSLAuthenticator class to implement your own authentication and set this class as the authenticator instead? I'm using tomcat 3.2.3 Thanks in advance! __________________________________________________ Do You Yahoo!? Get email alerts & NEW webcam video instant messaging with Yahoo! Messenger http://im.yahoo.com