Actually, the change I've already put in for JSS 3.2 will take care of this. All certs will be PK11InternalTokenCerts. That is, they will support all operations on certificates. I don't even need to call KeyForCertExists anymore.
- JSS_PK11_wrapCert and PK11_KeyForCertExists Patrick
- Jamie Nicolson
