It works now! I just made a stupid mistake in my testing. This is an example that should work: > > CERT_FILE = "c:/certs/jim_nopw2.pem" > > CA_CERT = "c:/ca_certs/servers_ca.cer" > > > require 'rubygems' > > require 'httpclient' # using v2.1.2 and rubyntlm 0.1.1 installed > > > client = HTTPClient.new > > client.ssl_config.set_trust_ca(CA_CERT) > > client.ssl_config.set_client_cert_file(CERT_FILE, CERT_FILE) > > > client.set_auth("https://some_website.com/default1.asp", 'DOMAIN\username', 'password') > > > resp = client.get("https://some_website.com/default1.asp") > > puts resp.content > > puts resp.status I forgot to include the domain in my previous attempts as it isn't required in the browser. I'm guessing the browser grabs the target/ domain during the ntlm process and prepends it to the username. It wouldn't be hard to modify httpclient to do the same, but isn't completely necessary. I think it should also work to call set_auth with nil as the first parameter and have that set the default credentials, but that doesn't work the way httpclient is currently coded. NegotiateAuth#set seems to allow for it though. I hope this helps and will allow you to continue on your way with Ruby.