Tweak verify_cert's signature

The call can fail either due to an invalid cert or an internal error,
and we should distinguish between the two.