Avoid enumerating certificates with non-matching key type