Right now we use the pkcs7 defaults, which are DES3 and SHA1. Add support for multiple certs and default to sha256 instead.
