Thanks,
I missed the distinction between PW1 and PW2.
It might be possible to create a variation on the "poison filename" method of installing the dev. cert. to instead install the old file contents.
Should be a good learning experience for the one who has to do it.