Adrian, Thank you for your response. Although, I am still a little confused. Isn't the transport layer configuration for SSL done on the UILServerILService MBean by setting the ClientSocketFactory and ServerSocketFactory attributes? I looked at the javadoc for org.jboss.security.ssl.DomainServerSocketFactory and saw that there is a method called setNeedsClientAuth(boolean). Do I need to extend this class, set that method to true, and then set the ServerSocketFactory attribute to the derived class? Also in doing this can I still do role based authorization? The code I have above is slightly simplified from what we really are trying to implement in that instead of using the BaseCertLoginModule and UserRolesLoginModule we have a custom LoginModule that extends the BaseCertLoginModule and a custom verifier that connects to a remote server to verify the user's certificate and retrieve the roles the user has. View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4052718#... Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&a...