Be able to check if it needs auth and then be able to login. Use the logged in token for fetching the cert.