Hello, Am running Tomcat 5.5 on Windows 2000 Server. Using SSL and set everything up to require client cert. Problem is, the cert is not in the session. I am casting the ServletRequest (in the doFilter method) to an HttpServletRequest to get the session. There is no "javax.servlet.request.X509Certificate" in the session. Saw this in the tomcat mailing list: Mailing entry Apparently this only occurs using the APR. So my question is, with Tomcat 5.5 on Windows, how does one not use the APR? Seems that it's the only way to run Tomcat on Windows. And, further, if running on Linux, I would assume that it's run as pure Java, and there is no APR.