write base.checks.ProviderCertChecker
in a similar fashion to EIPConfigChecker, we need a base.checks.ProviderCertChecker class that will run checks defined in section "check encryption keys" of eip-client-overview.
for MVS, we only need to have the ca and fail close if no https. However, it'll be good if we put stubs in place for MVS+
What of the points below is expected to be working in MVS?
[no] download the ca cert, if missing. [no] download a signature file for this ca cert. [no] check to see if there is a signature available from any of the pre-installed keys distributed with the client. [no] if not, and the https connection did not use a server cert signed by a standard CA, then pause and ask the user if they want to continue. client should have the CA needed for the https, if https doesn't work, then it should fail closed. [yes] download a new client cert, if missing or expired.
(from redmine: created on 2012-08-29, closed on 2012-09-12, precedes #532 (closed))