My app can be used two ways: 1. in regular Java Apps 2. In a web App In both cases, whether or not there is security depends on whether the app (web or other app) that is using my code has turned security on. So I need to be able to execute whether or not security is on. As well, keytool (the usual way of creating a keystore and importing your certificate) is not included in the simple JRE install. So when my app installs itself, it needs a way to create a keystore, import the cert and help the user add the keystore and "grant" to their policy file. Anyone know how to do this?