"anil.saldhana(a)jboss.com" wrote : I do not think all the constituents of a X509 certificate map to standard JDK classes. An example are the Attribute Certificates that can be issued by the CA as part of a x509 certificate. Where is this used? I'm not keen on pushing too much to pki management layer. Issuing certs for roles seems like an unnecessary indirection. View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=3980159#... Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&a...