Hello, thanks for the link, that clarified a little. Now I'm wondering - where do I put the certificates (server ones - server.keystore file)? Do I bundle them with the web application or put it in the conf directory (I tried both, with the same effect). I'm not sure also what does "The localhost.keystore would need this cert stored with an alias of CN=unit-tests-client, OU=JBoss Inc., O=JBoss Inc., ST=Washington, C=US and the jmx-console-roles.properties would also need an entry for the same entry." mean - from the manual - should I import the client certifiacte to server.keystore? Finally, how do you enable trace logging of JBoss Security? I tried adding to log4j.xml: | <category name="org.jboss.security.auth.spi"> | <priority value="TRACE"/> | </category> | but that didn't help :) Thanks, Adam View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=3958955#... Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&a...