I am using the example code from section 11.4.3 TLS Socket Factory in the document: [Java Dynamic Management Kit 5.1 Tutorial|http://docs.oracle.com/cd/E19698-01/816-7609/6mdjrf873/index.html] . I can get it working fine, but only if the first private key entry in the server side's keystore is the one that matches a certificate in the client's truststore. This leads me to believe that there is no way to select a particular private key for use with a JMXMP connection across TLS, i.e. TLS always chooses the first key entry it encounters in the keystore. Is this true?