diff --git a/confluent_server/confluent/discovery/core.py b/confluent_server/confluent/discovery/core.py index 4214ad27..b04a6853 100644 --- a/confluent_server/confluent/discovery/core.py +++ b/confluent_server/confluent/discovery/core.py @@ -1109,7 +1109,7 @@ async def get_nodename(cfg, handler, info): # chassis nodename = get_nodename_from_enclosures(cfg, info) if not nodename and handler.devname in ('SMM', 'SMM3'): - nodename = get_nodename_from_chained_smms(cfg, handler, info) + nodename = await get_nodename_from_chained_smms(cfg, handler, info) if not nodename: # as a last resort, search switches for info # This is the slowest potential operation, so we hope for the # best to occur prior to this @@ -1123,8 +1123,8 @@ async def get_nodename(cfg, handler, info): # We found an SMM, and it's in a chain per configuration # we need to ask the switch for the fingerprint to see # if we have a match or not - newnodename, v = get_chained_smm_name(nodename, cfg, - handler, nl) + newnodename, v = await get_chained_smm_name(nodename, cfg, + handler, nl) if newnodename: # while this started by switch, it was disambiguated info['verified'] = v @@ -1150,16 +1150,16 @@ async def get_nodename(cfg, handler, info): return nodename, maccount -def get_nodename_from_chained_smms(cfg, handler, info): +async def get_nodename_from_chained_smms(cfg, handler, info): nodename = None - for fprint in get_smm_neighbor_fingerprints( + async for fprint in get_smm_neighbor_fingerprints( handler.ipaddr, lambda x: True): if fprint in nodes_by_fprint: # need to chase the whole chain # to support either direction chead = get_enclosure_chain_head(nodes_by_fprint[fprint], cfg) - newnodename, v = get_chained_smm_name( + newnodename, v = await get_chained_smm_name( chead, cfg, handler, checkswitch=False) if newnodename: info['verified'] = v diff --git a/confluent_server/confluent/discovery/handlers/cpstorage.py b/confluent_server/confluent/discovery/handlers/cpstorage.py index 419c4dd2..04552a6e 100644 
--- a/confluent_server/confluent/discovery/handlers/cpstorage.py +++ b/confluent_server/confluent/discovery/handlers/cpstorage.py @@ -27,12 +27,6 @@ class NodeHandler(bmchandler.NodeHandler): devname = 'BMC' maxmacs = 2 - def validate_cert(self, certificate): - # broadly speaking, merely checks consistency moment to moment, - # but if https_cert gets stricter, this check means something - fprint = util.get_fingerprint(self.https_cert) - return util.cert_matches(fprint, certificate) - async def get_webclient(self, user, passwd, newuser, newpass): wc = webclient.WebConnection(self.ipaddr, 443, verifycallback=self.validate_cert) diff --git a/confluent_server/confluent/discovery/handlers/generic.py b/confluent_server/confluent/discovery/handlers/generic.py index f3a0bb51..e1c2fa06 100644 --- a/confluent_server/confluent/discovery/handlers/generic.py +++ b/confluent_server/confluent/discovery/handlers/generic.py @@ -31,7 +31,7 @@ class NodeHandler(object): def __init__(self, info, configmanager): self._certfailreason = None - self._fp = None + self._savedcert = None self.info = info self.configmanager = configmanager targsa = [None] @@ -71,10 +71,10 @@ class NodeHandler(object): wc = webclient.WebConnection(self._ipaddr, verifycallback=self._savecert, port=443) wc.connect() wc.close() - if not self._fp: + if not self._savedcert: return False # Check if certificate is self-signed by comparing issuer and subject - cert = self._fp + cert = self._savedcert certobj = x509.load_der_x509_certificate(cert) skid = None akid = None @@ -116,7 +116,7 @@ class NodeHandler(object): return macs <= self.maxmacs def _savecert(self, certificate): - self._fp = certificate + self._savedcert = certificate return True def get_node_credentials(self, nodename, creds, defuser, defpass): 
@@ -152,8 +152,8 @@ class NodeHandler(object): return 'unreachable' async def get_https_cert(self): - if self._fp: - return self._fp + if self._savedcert: + return self._savedcert ip, port = await self.get_web_port_and_ip() wc = webclient.WebConnection(ip, verifycallback=self._savecert, port=port) try: @@ -170,7 +170,14 @@ class NodeHandler(object): except Exception: self._certfailreason = 2 return None - return self._fp + return self._savedcert + + def validate_cert(self, certificate): + if not self._savedcert: + self._savedcert = certificate + return True + fprint = util.get_fingerprint(self._savedcert) + return util.cert_matches(fprint, certificate) async def get_web_port_and_ip(self): if self.web_ip: diff --git a/confluent_server/confluent/discovery/handlers/redfishbmc.py b/confluent_server/confluent/discovery/handlers/redfishbmc.py index 64a20bad..094f7bf4 100644 --- a/confluent_server/confluent/discovery/handlers/redfishbmc.py +++ b/confluent_server/confluent/discovery/handlers/redfishbmc.py @@ -91,12 +91,6 @@ class NodeHandler(generic.NodeHandler): if uuid: self.info['uuid'] = uuid.lower() - def validate_cert(self, certificate): - # broadly speaking, merely checks consistency moment to moment, - # but if https_cert gets stricter, this check means something - fprint = util.get_fingerprint(self.https_cert) - return util.cert_matches(fprint, certificate) - async def enable_ipmi(self, wc): mgrinfo = await self.mgrinfo(wc) npu =mgrinfo.get( diff --git a/confluent_server/confluent/discovery/handlers/smm.py b/confluent_server/confluent/discovery/handlers/smm.py index b586cb8c..e55e2503 100644 --- a/confluent_server/confluent/discovery/handlers/smm.py +++ b/confluent_server/confluent/discovery/handlers/smm.py 
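Review bot: The new `validate_cert` in generic.py accepts and pins whatever certificate is presented when `_savedcert` is empty. For the handlers whose overrides this commit removes (cpstorage, redfishbmc, tsm, xcc, xcc3), the check therefore changes from a comparison against `self.https_cert` to trust-on-first-use whenever no certificate has been stored yet. The removed smm `_validate_cert` carried a comment saying discovery core was assumed to have vetted the saved certificate before configuration; the shared method has no such comment, so I would add a docstring stating that precondition. If no caller relies on the first-use branch, failing closed is safer: `if not self._savedcert: return False`. `_savecert` also overwrites `_savedcert` unconditionally, so a later probe connection that passes it as `verifycallback` would presumably replace the pinned certificate.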
@@ -61,14 +61,6 @@ class NodeHandler(bmchandler.NodeHandler): uuid = fixuuid(uuid[0]) self.info['uuid'] = uuid - def _validate_cert(self, certificate): - # Assumption is by the time we call config, that discovery core has - # vetted self._fp. Our job here then is just to make sure that - # the currect connection matches the previously saved cert - if not self._fp: # circumstances are that we haven't validated yet - self._fp = certificate - return certificate == self._fp - def _webconfigrules(self, wc): rules = [] for rule in self.ruleset.split(','): @@ -137,7 +129,7 @@ class NodeHandler(bmchandler.NodeHandler): def _webconfigcreds(self, username, password): ip, port = self.get_web_port_and_ip() - wc = webclient.WebConnection(ip, port, verifycallback=self._validate_cert) + wc = webclient.WebConnection(ip, port, verifycallback=self.validate_cert) wc.connect() authdata = { # start by trying factory defaults 'user': 'USERID', diff --git a/confluent_server/confluent/discovery/handlers/tsm.py b/confluent_server/confluent/discovery/handlers/tsm.py index dbfb30ca..d9f1a07e 100644 --- a/confluent_server/confluent/discovery/handlers/tsm.py +++ b/confluent_server/confluent/discovery/handlers/tsm.py @@ -49,12 +49,6 @@ class NodeHandler(generic.NodeHandler): if uuid: self.info['uuid'] = uuid.lower() - def validate_cert(self, certificate): - # broadly speaking, merely checks consistency moment to moment, - # but if https_cert gets stricter, this check means something - fprint = util.get_fingerprint(self.https_cert) - return util.cert_matches(fprint, certificate) - async def _get_wc(self): authdata = { # start by trying factory defaults 'username': self.DEFAULT_USER, diff --git a/confluent_server/confluent/discovery/handlers/xcc.py b/confluent_server/confluent/discovery/handlers/xcc.py index 925c911e..86459d8d 100644 --- a/confluent_server/confluent/discovery/handlers/xcc.py +++ b/confluent_server/confluent/discovery/handlers/xcc.py 
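Review bot: `_webconfigcreds` in smm.py is a plain `def` and unpacks `self.get_web_port_and_ip()` directly, while generic.py declares `async def get_web_port_and_ip`. Unless bmchandler overrides it with a synchronous version (not visible here), `ip, port = ...` receives a coroutine and fails before the connection is made. This commit already converts other callers to `await`, so this method likely needs the same: `async def _webconfigcreds(self, username, password):` with `ip, port = await self.get_web_port_and_ip()`, and its callers awaited. This connection also submits the factory-default credentials, so it depends on `validate_cert` already holding a vetted `_savedcert` at this point. The body of `_webconfigcreds` continues outside the hunk.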
@@ -193,12 +193,6 @@ class NodeHandler(immhandler.NodeHandler): #if ipmicmd: # ipmicmd.ipmi_session.logout() - def validate_cert(self, certificate): - # broadly speaking, merely checks consistency moment to moment, - # but if https_cert gets stricter, this check means something - fprint = util.get_fingerprint(self.https_cert) - return util.cert_matches(fprint, certificate) - async def get_webclient(self, username, password, newpassword): wc = self._wc.dupe() pwdchanged = False diff --git a/confluent_server/confluent/discovery/handlers/xcc3.py b/confluent_server/confluent/discovery/handlers/xcc3.py index b524b487..c1187190 100644 --- a/confluent_server/confluent/discovery/handlers/xcc3.py +++ b/confluent_server/confluent/discovery/handlers/xcc3.py @@ -72,9 +72,7 @@ class NodeHandler(redfishbmc.NodeHandler): if slot != 0: self.info['enclosure.bay'] = slot - def validate_cert(self, certificate): - fprint = util.get_fingerprint(self.https_cert) - return util.cert_matches(fprint, certificate) + def remote_nodecfg(nodename, cfm):