There are hard token profiles for different hard tokens. These profiles has a certificate profile for each key on the card.
Sometimes there is no need for more than one certificate (and key) on the card.
For this reason it should be possible to indicate that a certificate should not be generated by not specifying a cert profile for this key.
It has been a lot of problem with applications that are choosing wrong certificates so this functionality will help a lot.
The change in ejbca needed to achieve this is relative small and limited only to hard token functionality. See attached patch.
Since this functionality is verified by clicking in the EJBCA GUI and testing with PrimeCard there will not be any junit test for this.
Please tell when the patch could be applied to EJBCA 4.0 and when it could be applied to trunk.