We have a requirement, where we would be accessing "https" site probably using apache commons-httpclient api. For this, we will certainly have the site's certificate added to our keystore in Tomcat. But this being a Business-Business scenario, we would also like to have a client authentication done to this site using certificate. What is the best approach recommended with Tomcat? Can some pointers be of any help here? I tried to skim through internet, but I always trust Coderanch for a quick response.