FWIW ...

>> warning is presented (not issued by a trusted Certificate authority)
>> then I get an 'Unable to display screen' error.

I'm assuming that this message is coming from your client. In that case all this means is that the client does not trust the certificate that the server is presenting. How the client is configured to trust the certificate (or certificate authority) is dependent on the client. Browsers will usually offer to add the certificate to their trust store. BTW, are you using a self-signed certificate or one signed by a certificate authority?

>> Also perplexing (when viewing details through Mozilla Firefox) is that the certificate is always being displayed from the IBM default.kdb SYSTEM keystore.

My somewhat educated guess is that the IBM implementation class isn't using the parameters in the connector element. They may use other parameters or may use none at all (i.e. always default to the named keystore). The reason I think this is a reasonable guess is because the Tomcat APR algorithm uses different parameters to set its key and trust stores.

>> javax.net.ssl.SSLProtocolException: Peer not recognized or badly formatted message received.

If you haven't downloaded and used Wireshark yet, this is a good time to get familiar with it! Wikipedia also has a good article on TLS/SSL that describes the algorithm in enough detail to allow debugging. Note that SSL/TLS connections can be re-connected and the handshake protocol differs in that case. If this is on your client, then this could simply be the exception that ends up as the "not issued by trusted Certificate authority" message.
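
An added example, not part of the original reply: when reading the capture in Wireshark, the first bytes of each record show whether the peer sent a TLS alert (such as an untrusted-CA rejection), a handshake message, or something that is not TLS at all, which is what a "badly formatted message" error usually points to. The function name and the sample byte strings are constructed for illustration.

```python
import struct

CONTENT_TYPES = {20: "change_cipher_spec", 21: "alert",
                 22: "handshake", 23: "application_data"}
# Subset of alert descriptions relevant to certificate and handshake failures.
ALERTS = {0: "close_notify", 10: "unexpected_message", 40: "handshake_failure",
          42: "bad_certificate", 45: "certificate_expired",
          46: "certificate_unknown", 48: "unknown_ca", 70: "protocol_version"}
HANDSHAKES = {1: "client_hello", 2: "server_hello",
              11: "certificate", 14: "server_hello_done"}


def describe_record(data: bytes) -> str:
    """Classify the first bytes seen on a port that should speak SSL/TLS."""
    if data[:4] in (b"GET ", b"POST", b"HEAD", b"HTTP"):
        return "plaintext HTTP, not TLS"
    if len(data) < 5:
        return "truncated record header"
    ctype, major, minor, length = struct.unpack("!BBBH", data[:5])
    # SSLv2 framing: high bit set in the length, third byte 0x01 = ClientHello.
    if ctype & 0x80 and data[2] == 0x01:
        return "SSLv2-format ClientHello"
    if ctype not in CONTENT_TYPES or major != 3:
        return "not a TLS record"
    name = f"{CONTENT_TYPES[ctype]} (version 3.{minor})"
    body = data[5:5 + length]
    if len(body) < length:
        return name + ", truncated body"
    # Alerts sent before encryption starts are exactly two bytes:
    # level (1 warning, 2 fatal) and description.
    if ctype == 21 and length == 2:
        level = {1: "warning", 2: "fatal"}.get(body[0], "unknown level")
        return f"{name}: {level} {ALERTS.get(body[1], body[1])}"
    # Only meaningful for cleartext handshake records; encrypted ones look random.
    if ctype == 22 and length >= 4 and body[0] in HANDSHAKES:
        return f"{name}: {HANDSHAKES[body[0]]}"
    return name


if __name__ == "__main__":
    # Constructed samples, not taken from a real capture.
    samples = [bytes.fromhex("15030300020230"),      # fatal alert, unknown_ca
               bytes.fromhex("16030100040e000000"),  # server_hello_done
               b"HTTP/1.1 400 Bad Request\r\n",      # plain HTTP on the TLS port
               bytes.fromhex("802e0100020015")]      # SSLv2-style hello
    for s in samples:
        print(s[:7].hex(), "->", describe_record(s))
```

A fatal `unknown_ca` or `certificate_unknown` alert from the client side corresponds to the trust-store problem described above; plaintext or SSLv2 framing corresponds to a protocol mismatch rather than a certificate issue.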