Ken Schaefer wrote:

> Why didn't you quote section 3.3 of that same RFC for completeness?, which
> explicitly forbids the use of username:password syntax in HTTP URLs, which I
> believe is the point that Joshua was trying to make.

Arrgh. Got me -- I plead selectively decaying memory :-)

In penance, I'll offer Drew (the OP) a suggestion; this Exception:

> "javax.net.ssl.SSLHandshakeException:
> sun.security.validator.ValidatorException:
> No trusted certificate found"

:: makes me think (more selective memory, possibly!) that this is
the new CF based on Java/JRun? If so, it sounds like there's no
Keystore, or the Keystore doesn't contain a root CA cert corresponding
to that of the remote site's cert.

Just like a browser, a process generating a client SSL request has
to have certs to compare to the response...

And JRun may handle the details altogether differently from Tomcat,
so that's as much as I can contribute.

HTH (and sorry for the original misleading citation!),
--
Hassan Schroeder ----------------------------- hassan at webtuitive.com
Webtuitive Design === (+1) 408-938-0567 === http://webtuitive.com

dream. code.
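The keystore check suggested in the message above, sketched as an added example that is not part of the original post: it lists the trust anchors a JVM would use and reports whether one matches the issuer of the remote site's certificate. The class name, argument order and default issuer DN are assumptions made for illustration.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.X509Certificate;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;
import javax.security.auth.x500.X500Principal;

public class TrustAnchorCheck {
    // Trust anchors from the given keystore file, or from the JVM default
    // trust store when path is null.
    static X509Certificate[] trustAnchors(String path, char[] password) throws Exception {
        KeyStore ks = null; // null makes the factory fall back to the default store
        if (path != null) {
            ks = KeyStore.getInstance(KeyStore.getDefaultType());
            try (InputStream in = new FileInputStream(path)) {
                ks.load(in, password); // a null password skips the integrity check
            }
        }
        TrustManagerFactory tmf =
            TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(ks);
        for (TrustManager tm : tmf.getTrustManagers()) {
            if (tm instanceof X509TrustManager) {
                return ((X509TrustManager) tm).getAcceptedIssuers();
            }
        }
        return new X509Certificate[0];
    }

    // True if some trust anchor's subject DN equals the issuer DN being looked for.
    static boolean hasAnchorFor(X509Certificate[] anchors, X500Principal issuer) {
        for (X509Certificate ca : anchors) {
            if (ca.getSubjectX500Principal().equals(issuer)) return true;
        }
        return false;
    }

    public static void main(String[] args) throws Exception {
        // args: [issuer DN] [keystore path] [password]; the default DN is a constructed sample.
        X500Principal issuer = new X500Principal(
            args.length > 0 ? args[0] : "CN=Example Private Root CA, O=Example Corp, C=US");
        X509Certificate[] anchors = trustAnchors(
            args.length > 1 ? args[1] : null,
            args.length > 2 ? args[2].toCharArray() : null);
        System.out.println(anchors.length + " trust anchors; anchor for \""
            + issuer.getName() + "\": " + hasAnchorFor(anchors, issuer));
    }
}
```

A `false` result for the remote certificate's issuer is consistent with the "No trusted certificate found" failure; a matching DN is necessary for validation but does not by itself prove the chain will verify.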