import org.apache.commons.net.util.KeyManagerUtils; returns worse implementation of KeyManager than native javax.net.ssl.KeyManagerFactory as KeyManager from Apache Commons limits number of DFC certificates to just one.

Issue was detected when Nokia tested DFC with multiple (external/internal) certificates. This issue could be a blocking point if we will go into single keystore which holds external/internal certificates direction.

Solution: exchange used library by native Java implementation.