I see in new JSS docs that getUniqueID is "Deprecated. This ID is based on an implementation that might change. If this functionality is required, it should be provided in another way, such as a function that directly matches a cert and key. "
Barring each developer coming up with own matching mechanism, it looks like there now is a PK11TokenCert class that has the getUniqueID method, and one should probably be use the new PK11Store class to return an array of PK11TokenCerts... Is this how cert/key matching is intended to be done in new JSS? -- P
