On 6/30/2016 5:09 AM, Abhijeet Kasurde wrote: Thanks! Pushed to master with some changes: 1. The original code was supposed to normalize the token name, so if it's 'internal' or 'Internal Key Storage Token' it will be normalized to None. If token name is None we don't add -h <token> when calling certutil since by default certutil will use internal token. There's a bug in PKIInstance.get_token_password() though. If the caller specifies token parameter to be None explicitly, it won't get the default value of 'internal'. The method has been fixed to check for None value. 2. The code that catches CalledProcessError has been moved into the main program (i.e. pki-server) so similar errors will be handled more consistently. 3. Some error messages are changed for consistency. -- Endi S. Dewata