I have a doozy. Please don't ask why I have this configuration set up the way it is. The only answers are going to give you headaches. Trust me on this. I have what we're creating as almost a turnkey solution. One AD domain controller, one Citrix/WI/CSG box. Right now I have everything working with those components. Firewall has 443 opened up to the box, can hit the https://us.company.com, log in, get an app, run an app just fine. That part of it works after a few bumps, but it works well. Now they want to add in client certificates. We'll be issuing each workstation a certificate, and the goal is that they must have the certificate in order to open the site. Before CSG in place we had this working. SSL cert was in IIS, "require client certs" was checked in IIS, and 1494/2598 was open to the internet. Users would hit the web page https://us.company.com, it would prompt them to select their client cert, and then pass them onto the logon page and apps would load. Due to the added bonus of wanting everything over SSL, we added CSG. Now of course the default IIS page is not SSL because CSG is handling it. So the roundabout way to getting to where I'm going...with this configuration, how do we now allow/require client certs in this environment? Thanks much. Adam Granatella Red Anvil, LLC