Hi all, I got lots of problems with dogtag(ekhmmm... almost 20 threads in october : ) if somebody not notice) but this is propably the last one:D It happens if recovery needs more than one agent approval. I get request accepted by admins and problem is I can retrieve private key from browser code, but if I am trying to do this in code it throws PKI Exception and creates new recovery request //creates new recovery request "recover" throws: PKIException "Unauthorized request." Key recoveredX509Key = keyClient.retrieveKeyByPKCS12(keyid,cert,password); //creates new recovery request "securityDataRecovery" and throws: "RuntimeException com.netscape.certsrv.base.PKIException: Unauthorized request. Recovery request not approved." Key recoveredX509Key = keyClient.retrieveKey(keyid); but for this same key when I open it in browser I got form to retrieve key to pk12 and it works perfectly. I check logs and it shows me where this form data goes: [01/lis/2015:13:29:04][http-bio-8443-exec-2]: CMSServlet:service() uri = /kra/agent/kra/getAsyncPk12 [01/lis/2015:13:29:04][http-bio-8443-exec-2]: CMSServlet::service() param name='seqNum' value='339' [01/lis/2015:13:29:04][http-bio-8443-exec-2]: CMSServlet::service() param name='p12Password' value='(sensitive)' [01/lis/2015:13:29:04][http-bio-8443-exec-2]: CMSServlet::service() param name='p12PasswordAgain' value='(sensitive)' [01/lis/2015:13:29:04][http-bio-8443-exec-2]: CMSServlet::service() param name='op' value='getAsyncPk12' [01/lis/2015:13:29:04][http-bio-8443-exec-2]: CMSServlet::service() param name='reqID' value='339' Anyone have idea what I'm doing wrong? Is there any way to execute getAsyncPk12 service from code? If You need more code or context, give me a note.