Agree we should propose that Paul adds a method for this in the library. The reason for this code is that 1) 3rd party certification are ignored in our code anyway and 2) some keys can have 3rd party certification bloat that makes it difficult to work with the keys unless we removed them.
Originally posted by @tomholub in #1331 (comment)