diff --git a/maxkey-authentications/maxkey-authentication-core/src/main/java/org/maxkey/authn/support/certs/HttpCertsEntryPoint.java b/maxkey-authentications/maxkey-authentication-core/src/main/java/org/maxkey/authn/support/certs/HttpCertsEntryPoint.java
new file mode 100644
index 000000000..971974940
--- /dev/null
+++ b/maxkey-authentications/maxkey-authentication-core/src/main/java/org/maxkey/authn/support/certs/HttpCertsEntryPoint.java
@@ -0,0 +1,81 @@
+package org.maxkey.authn.support.certs;
+
+import java.security.cert.X509Certificate;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.maxkey.authn.AbstractAuthenticationProvider;
+import org.maxkey.authn.support.httpheader.HttpHeaderEntryPoint;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.beans.factory.annotation.Qualifier;
+import org.springframework.web.servlet.AsyncHandlerInterceptor;
+
+public class HttpCertsEntryPoint implements AsyncHandlerInterceptor {
+ private static final Logger _logger = LoggerFactory.getLogger(HttpHeaderEntryPoint.class);
+
+ static String CERTIFICATE_ATTRIBUTE = "javax.servlet.request.X509Certificate";
+ static String PEER_CERTIFICATES_ATTRIBUTE = "javax.net.ssl.peer_certificates";
+
+ boolean enable;
+
+ @Autowired
+ @Qualifier("authenticationProvider")
+ AbstractAuthenticationProvider authenticationProvider ;
+
+ @Override
+ public boolean preHandle(HttpServletRequest request,HttpServletResponse response, Object handler) throws Exception {
+
+ if(!enable){
+ return true;
+ }
+
+ _logger.debug("Certificate Login Start ...");
+ _logger.debug("Request url : "+ request.getRequestURL());
+ _logger.debug("Request URI : "+ request.getRequestURI());
+ _logger.trace("Request ContextPath : "+ request.getContextPath());
+ _logger.trace("Request ServletPath : "+ request.getServletPath());
+ _logger.trace("RequestSessionId : "+ request.getRequestedSessionId());
+ _logger.trace("isRequestedSessionIdValid : "+ request.isRequestedSessionIdValid());
+ _logger.trace("getSession : "+ request.getSession(false));
+
+ X509Certificate[] certificates= (X509Certificate[])request.getAttribute(CERTIFICATE_ATTRIBUTE); // 2.2 spec
+ if (certificates == null) {
+ certificates = (X509Certificate[]) request.getAttribute(PEER_CERTIFICATES_ATTRIBUTE); // 2.1 spec
+ }
+
+ for (X509Certificate cert : certificates) {
+ cert.checkValidity();
+ _logger.debug("cert validated");
+ _logger.debug("cert infos " + cert.toString());
+ _logger.debug("Version " + cert.getVersion());
+ _logger.debug("SerialNumber " + cert.getSerialNumber().toString(16));
+ _logger.debug("SubjectDN " + cert.getSubjectDN());
+ _logger.debug("IssuerDN " + cert.getIssuerDN());
+ _logger.debug("NotBefore " + cert.getNotBefore());
+ _logger.debug("SigAlgName " + cert.getSigAlgName());
+ byte[] sign = cert.getSignature();
+ _logger.debug("Signature ");
+ for (int j = 0; j < sign.length; j++){
+ _logger.debug(sign[j] + ",");
+ }
+ java.security.PublicKey pk = cert.getPublicKey();
+ byte[] pkenc = pk.getEncoded();
+ _logger.debug("PublicKey ");
+ for (int j = 0; j < pkenc.length; j++){
+ _logger.debug(pkenc[j] + ",");
+ }
+ }
+ return true;
+ }
+
+ public HttpCertsEntryPoint(boolean enable, AbstractAuthenticationProvider authenticationProvider) {
+ super();
+ this.enable = enable;
+ this.authenticationProvider = authenticationProvider;
+ }
+
+
+}
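Review bot: When the request carries no client certificate under either attribute, `certificates` stays null and the `for (X509Certificate cert : certificates)` loop throws a NullPointerException, so every non-mTLS request through this interceptor fails with a server error once `enable` is true; guard it with `if (certificates == null || certificates.length == 0) { return true; }` before the loop. In the same loop `cert.checkValidity()` throws CertificateExpiredException / CertificateNotYetValidException that nothing catches, so an expired client cert also surfaces as an unhandled exception rather than a logged, controlled outcome; note too that validity is only a date check and does not establish trust in the issuer, which this code does not verify. The logger is created with `HttpHeaderEntryPoint.class` instead of `HttpCertsEntryPoint.class`, so these messages are attributed to the wrong component in logs; change it to `LoggerFactory.getLogger(HttpCertsEntryPoint.class)`. The injected `authenticationProvider` is never used in `preHandle`, so presumably the certificate-to-user authentication is still to come; a comment such as `// TODO: authenticate the subject via authenticationProvider; currently logs only` would make that explicit. Logging the signature and public key one byte per debug line is very noisy for little diagnostic value.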