Comment 3 for bug 392104

We could use openssl in jks-keystore.hook to decode proposed .pem contents and specifically exclude the one(s) with:

Signature Algorithm: 1.2.840.10045.4.3.3

(which maps to SHA384withECDSA according to http://javadoc.iaik.tugraz.at/cms_smime/current/iaik/cms/CMSAlgorithmID.html)
I'm just unsure that would be the only one we would want to exclude...