Update the certificate authority implementation to use Certificate Login (rather them the Person) to issue an Certificate for login purpose.

There isn't a need to update PAS, since it already uses the Certificate Login to search for the user.