Hello all, I am attempting to set up client-cert for a webapp. I have successfully set up a .keystore directory for Tomcat to present the client with a certificate, but am now wanting the request a certificate FROM the client for authorization. I have Tomcat setup for ssl. Now to request a client certificate, I've changed the value in the server.xml file for clientAuth to true. I believe the next step is to generate new keys and specify the keystore path. My confusion is when I did the server side, I created a .keystore folder One of the books (O'Rielly's "Tomcat") seems to jump into unix or openssl at this point and tells me to create a directory then generate the key (command line #mkdir -p -m go=/path and the next command #openssl req -new -newkey rsa:512 -node -out /path...) I'm not using openssl or unix or ? How have I missed the boat on this one? Tomcat will be running on a windows 2k box. How does the new keystore referred to in the O'Rielly book fit in with the .keystore generated when I set up SSL? I'm quite confused and would really appreciate some guidance.