Hi, I followed the instructions in the book "JBoss at Work" to set up my own customer login-config.xml file and the login-config-service.xml files respectively. I've also generated a keystore file and there seems to be no problems from these sides (i think). Bcos my certificate is self-signed, i do get the usual message about unsafe certificate. However the problem is that once i accept the certificate by clicking ok, my browser attempts to DOWNLOAD instead of DISPLAY the default login page i assigned in web.xml. This happens in Firefox and Mozilla, whiles IE just gives me an error message. Any ideas on what i'm doing wrong? By the way the protected recource is a jsf page if that's any help. I've tried both /trade/* and *.trade as my url-patterns to no effect. I'm using Seam 1.1.0.GA, Facelets and JBoss 4.0.5.GA. View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4008567#... Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&a...