Use SMIME certificates without LDAP or AD?