I am sorry, but I cannot help you with that. Our servlets do not use use the Web server's SSL at all and initiate all SSL connections themselves using the IAIK API calls. JavaSoft has defined the way you quote to access the SSL client certificate chain from a servlet, but I don't think this is widely implemented. If it does not work on your server, your servlet engine most likely does not set these parameters. You should contact the developers of your servlet runner to find out if and how SSL session information can be accessed. Andreas Sterbenz mailto:Andreas.Sterbenz@iaik.tu-graz.ac.at -----Ursprüngliche Nachricht----- Von: Colin Chalmers <Colin.Chalmers@maxware.nl> An: <firstname.lastname@example.org> Gesendet: Montag, 13. September 1999 17:55 Betreff: Re: [iaik-ssl] ssl and servlets > Once again thank-you for the swift reply. I understand I should be patient > and wait on the next beta release but perhaps you could give me a pointer in > the right direction. In my servlet book I have an example for reading the > attributes of a certificate, however I understand from the author that the > code is specific to th Java Web Server. Could you give me a tip on how to > change this code so that I can at least read the certificates? I would be > most grateful.