diff -r d2426cebb46a -r df3bf49634a1 pvl/login/ssl.py
--- a/pvl/login/ssl.py	Tue Jan 14 23:14:53 2014 +0200
+++ b/pvl/login/ssl.py	Tue Jan 14 23:15:36 2014 +0200
@@ -93,7 +93,7 @@
         """
             Sign given spkac string (base64-encoded) for given user.
 
-            Returns path to the signed cert.
+            Returns a name for the signed cert.
         """
 
         if not set(user).issubset(self.VALID_USER) :
@@ -119,7 +119,7 @@
         # sign it
         if os.path.exists(cert_file) :
             log.warning("cert already exists: %s", cert_file)
-            return cert_file
+            return name
         
         if os.path.exists(tmp_file) :
             log.warning("cleaning out previous tmp file: %s", tmp_file)
@@ -131,4 +131,19 @@
         log.debug("%s: rename %s -> %s", user, tmp_file, cert_file)
         os.rename(tmp_file, cert_file)
 
-        return cert_file
+        return name
+
+    def open_cert (self, user, name) :
+        """
+            Return an opened cert file by username / cert name.
+        """
+
+        if not set(user).issubset(self.VALID_USER) :
+            raise Error("Invalid username: {user}".format(user=user))
+
+        path = os.path.join(self.users, user, name)
+
+        if not os.path.exists(path) :
+            raise Error("No cert found on server")
+
+        return open(path)