Thanks, but using keytool is not what I am looking for. My question is if I from inside the web service method am able to extract the alias corresponding to the client's certificate. This imposes two steps 1. How do I extract the clients certificate from inside the web service method. One way would be to locate the wsse:BinarySecurityToken xml-tag in the SOAP message, extract the Base64-encoded certificate and then create an X509Certificate object from it, but that is not very elegant. 2. Lookup the alias in the keystore. To do that I could use KeyStore.getAliasForCertificate() provided 1. is solved. I am looking for something similair to WebServiceContext.getClientCertificate()... Anybody has a suggestion? Thanks View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4052135#... Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&a...