I understand the OpenPGP card can hold one X.509 certificate Can this be used in practice to run an in-house CA to sign other X.509 certificates, e.g. for small VPN setups? Also, can the X.509 cert on the OpenPGP card be used with StrongSwan (as a client or server cert for VPN)?