Commit my changes that use the UUID in the certificate, rather then the
uid of the user. Not sure this change will survive in its present form since this was done for protogeni and the spec will probably call for something different. But this is what it is for now. Note that the server side is backwards compatable with old certs, at least for now.