log.debug("reusecertificate: "+reusecertificate);
try {
GenerateToken tgen = new GenerateToken(authenticationSession, userAdminSession, caAdminSession, keyRecoverySession, signSession);
java.security.KeyStore pkcs12 = tgen.generateOrKeyRecoverToken(admin, username, password, caid, keyspec, keyalg, false, loadkeys, savekeys, reusecertificate, endEntityProfileId);
final KeyStore retval = new KeyStore(pkcs12, password);
final Enumeration<String> en = pkcs12.aliases();
final String alias = en.nextElement();
final X509Certificate cert = (X509Certificate) pkcs12.getCertificate(alias);
if ( (hardTokenSN != null) && (cert != null) ) {
hardTokenSession.addHardTokenCertificateMapping(admin,hardTokenSN,cert);