diff --git a/webrtc/api/api_tests.gyp b/webrtc/api/api_tests.gyp
index e58fdbcb28..b9778a31a5 100644
--- a/webrtc/api/api_tests.gyp
+++ b/webrtc/api/api_tests.gyp
@@ -51,8 +51,8 @@
         'test/fakeaudiocapturemodule_unittest.cc',
         'test/fakeconstraints.h',
         'test/fakedatachannelprovider.h',
-        'test/fakedtlsidentitystore.h',
         'test/fakeperiodicvideocapturer.h',
+        'test/fakertccertificategenerator.h',
         'test/fakevideotrackrenderer.h',
         'test/mockpeerconnectionobservers.h',
         'test/peerconnectiontestwrapper.h',
diff --git a/webrtc/api/peerconnection_unittest.cc b/webrtc/api/peerconnection_unittest.cc
index 44d752db72..20cd7a6439 100644
--- a/webrtc/api/peerconnection_unittest.cc
+++ b/webrtc/api/peerconnection_unittest.cc
@@ -26,8 +26,8 @@
 #include "webrtc/api/peerconnectioninterface.h"
 #include "webrtc/api/test/fakeaudiocapturemodule.h"
 #include "webrtc/api/test/fakeconstraints.h"
-#include "webrtc/api/test/fakedtlsidentitystore.h"
 #include "webrtc/api/test/fakeperiodicvideocapturer.h"
+#include "webrtc/api/test/fakertccertificategenerator.h"
 #include "webrtc/api/test/fakevideotrackrenderer.h"
 #include "webrtc/api/test/mockpeerconnectionobservers.h"
 #include "webrtc/base/gunit.h"
@@ -154,12 +154,12 @@ class PeerConnectionTestClient : public webrtc::PeerConnectionObserver,
       const std::string& id,
       const MediaConstraintsInterface* constraints,
       const PeerConnectionFactory::Options* options,
-      std::unique_ptr<webrtc::DtlsIdentityStoreInterface> dtls_identity_store,
+      std::unique_ptr<rtc::RTCCertificateGeneratorInterface> cert_generator,
       bool prefer_constraint_apis,
       rtc::Thread* network_thread,
       rtc::Thread* worker_thread) {
     PeerConnectionTestClient* client(new PeerConnectionTestClient(id));
-    if (!client->Init(constraints, options, std::move(dtls_identity_store),
+    if (!client->Init(constraints, options, std::move(cert_generator),
                       prefer_constraint_apis, network_thread, worker_thread)) {
       delete client;
       return nullptr;
@@ -173,12 +173,12 @@ class PeerConnectionTestClient : public webrtc::PeerConnectionObserver,
       const PeerConnectionFactory::Options* options,
       rtc::Thread* network_thread,
       rtc::Thread* worker_thread) {
-    std::unique_ptr<FakeDtlsIdentityStore> dtls_identity_store(
-        rtc::SSLStreamAdapter::HaveDtlsSrtp() ? new FakeDtlsIdentityStore()
-                                              : nullptr);
+    std::unique_ptr<FakeRTCCertificateGenerator> cert_generator(
+        rtc::SSLStreamAdapter::HaveDtlsSrtp() ?
+            new FakeRTCCertificateGenerator() : nullptr);
 
     return CreateClientWithDtlsIdentityStore(
-        id, constraints, options, std::move(dtls_identity_store), true,
+        id, constraints, options, std::move(cert_generator), true,
         network_thread, worker_thread);
   }
 
@@ -187,12 +187,12 @@ class PeerConnectionTestClient : public webrtc::PeerConnectionObserver,
       const PeerConnectionFactory::Options* options,
       rtc::Thread* network_thread,
       rtc::Thread* worker_thread) {
-    std::unique_ptr<FakeDtlsIdentityStore> dtls_identity_store(
-        rtc::SSLStreamAdapter::HaveDtlsSrtp() ? new FakeDtlsIdentityStore()
-                                              : nullptr);
+    std::unique_ptr<FakeRTCCertificateGenerator> cert_generator(
+        rtc::SSLStreamAdapter::HaveDtlsSrtp() ?
+            new FakeRTCCertificateGenerator() : nullptr);
 
     return CreateClientWithDtlsIdentityStore(
-        id, nullptr, options, std::move(dtls_identity_store), false,
+        id, nullptr, options, std::move(cert_generator), false,
         network_thread, worker_thread);
   }
 
@@ -810,7 +810,7 @@ class PeerConnectionTestClient : public webrtc::PeerConnectionObserver,
   bool Init(
       const MediaConstraintsInterface* constraints,
       const PeerConnectionFactory::Options* options,
-      std::unique_ptr<webrtc::DtlsIdentityStoreInterface> dtls_identity_store,
+      std::unique_ptr<rtc::RTCCertificateGeneratorInterface> cert_generator,
       bool prefer_constraint_apis,
       rtc::Thread* network_thread,
       rtc::Thread* worker_thread) {
@@ -842,23 +842,23 @@ class PeerConnectionTestClient : public webrtc::PeerConnectionObserver,
       peer_connection_factory_->SetOptions(*options);
     }
     peer_connection_ = CreatePeerConnection(
-        std::move(port_allocator), constraints, std::move(dtls_identity_store));
+        std::move(port_allocator), constraints, std::move(cert_generator));
     return peer_connection_.get() != nullptr;
   }
 
   rtc::scoped_refptr<webrtc::PeerConnectionInterface> CreatePeerConnection(
       std::unique_ptr<cricket::PortAllocator> port_allocator,
       const MediaConstraintsInterface* constraints,
-      std::unique_ptr<webrtc::DtlsIdentityStoreInterface> dtls_identity_store) {
+      std::unique_ptr<rtc::RTCCertificateGeneratorInterface> cert_generator) {
     // CreatePeerConnection with RTCConfiguration.
     webrtc::PeerConnectionInterface::RTCConfiguration config;
     webrtc::PeerConnectionInterface::IceServer ice_server;
     ice_server.uri = "stun:stun.l.google.com:19302";
     config.servers.push_back(ice_server);
 
-    return peer_connection_factory_->CreatePeerConnectionWithStore(
+    return peer_connection_factory_->CreatePeerConnection(
         config, constraints, std::move(port_allocator),
-        std::move(dtls_identity_store), this);
+        std::move(cert_generator), this);
   }
 
   void HandleIncomingOffer(const std::string& msg) {
@@ -1266,15 +1266,15 @@ class P2PTestConductor : public testing::Test {
     setup_constraints.AddMandatory(MediaConstraintsInterface::kEnableDtlsSrtp,
                                    true);
 
-    std::unique_ptr<FakeDtlsIdentityStore> dtls_identity_store(
-        rtc::SSLStreamAdapter::HaveDtlsSrtp() ? new FakeDtlsIdentityStore()
-                                              : nullptr);
-    dtls_identity_store->use_alternate_key();
+    std::unique_ptr<FakeRTCCertificateGenerator> cert_generator(
+        rtc::SSLStreamAdapter::HaveDtlsSrtp() ?
+            new FakeRTCCertificateGenerator() : nullptr);
+    cert_generator->use_alternate_key();
 
     // Make sure the new client is using a different certificate.
     return PeerConnectionTestClient::CreateClientWithDtlsIdentityStore(
         "New Peer: ", &setup_constraints, nullptr,
-        std::move(dtls_identity_store), prefer_constraint_apis_,
+        std::move(cert_generator), prefer_constraint_apis_,
         network_thread_.get(), worker_thread_.get());
   }
 
diff --git a/webrtc/api/peerconnectionfactory_unittest.cc b/webrtc/api/peerconnectionfactory_unittest.cc
index fde5260e42..209587de85 100644
--- a/webrtc/api/peerconnectionfactory_unittest.cc
+++ b/webrtc/api/peerconnectionfactory_unittest.cc
@@ -17,7 +17,7 @@
 #ifdef WEBRTC_ANDROID
 #include "webrtc/api/test/androidtestinitializer.h"
 #endif
-#include "webrtc/api/test/fakedtlsidentitystore.h"
+#include "webrtc/api/test/fakertccertificategenerator.h"
 #include "webrtc/api/test/fakevideotrackrenderer.h"
 #include "webrtc/base/gunit.h"
 #include "webrtc/base/thread.h"
@@ -142,11 +142,10 @@ TEST(PeerConnectionFactoryTestInternal, CreatePCUsingInternalModules) {
   NullPeerConnectionObserver observer;
   webrtc::PeerConnectionInterface::RTCConfiguration config;
 
-  std::unique_ptr<FakeDtlsIdentityStore> dtls_identity_store(
-      new FakeDtlsIdentityStore());
-  rtc::scoped_refptr<PeerConnectionInterface> pc(
-      factory->CreatePeerConnectionWithStore(
-          config, nullptr, nullptr, std::move(dtls_identity_store), &observer));
+  std::unique_ptr<FakeRTCCertificateGenerator> cert_generator(
+      new FakeRTCCertificateGenerator());
+  rtc::scoped_refptr<PeerConnectionInterface> pc(factory->CreatePeerConnection(
+      config, nullptr, nullptr, std::move(cert_generator), &observer));
 
   EXPECT_TRUE(pc.get() != nullptr);
 }
@@ -164,12 +163,11 @@ TEST_F(PeerConnectionFactoryTest, CreatePCUsingIceServers) {
   ice_server.uri = kTurnIceServerWithTransport;
   ice_server.password = kTurnPassword;
   config.servers.push_back(ice_server);
-  std::unique_ptr<DtlsIdentityStoreInterface> dtls_identity_store(
-      new FakeDtlsIdentityStore());
-  rtc::scoped_refptr<PeerConnectionInterface> pc(
-      factory_->CreatePeerConnectionWithStore(
-          config, nullptr, std::move(port_allocator_),
-          std::move(dtls_identity_store), &observer_));
+  std::unique_ptr<FakeRTCCertificateGenerator> cert_generator(
+      new FakeRTCCertificateGenerator());
+  rtc::scoped_refptr<PeerConnectionInterface> pc(factory_->CreatePeerConnection(
+      config, nullptr, std::move(port_allocator_), std::move(cert_generator),
+      &observer_));
   ASSERT_TRUE(pc.get() != NULL);
   cricket::ServerAddresses stun_servers;
   rtc::SocketAddress stun1("stun.l.google.com", 19302);
@@ -195,12 +193,11 @@ TEST_F(PeerConnectionFactoryTest, CreatePCUsingIceServersUrls) {
   ice_server.urls.push_back(kTurnIceServerWithTransport);
   ice_server.password = kTurnPassword;
   config.servers.push_back(ice_server);
-  std::unique_ptr<DtlsIdentityStoreInterface> dtls_identity_store(
-      new FakeDtlsIdentityStore());
-  rtc::scoped_refptr<PeerConnectionInterface> pc(
-      factory_->CreatePeerConnectionWithStore(
-        config, nullptr, std::move(port_allocator_),
-        std::move(dtls_identity_store), &observer_));
+  std::unique_ptr<FakeRTCCertificateGenerator> cert_generator(
+      new FakeRTCCertificateGenerator());
+  rtc::scoped_refptr<PeerConnectionInterface> pc(factory_->CreatePeerConnection(
+      config, nullptr, std::move(port_allocator_), std::move(cert_generator),
+      &observer_));
   ASSERT_TRUE(pc.get() != NULL);
   cricket::ServerAddresses stun_servers;
   rtc::SocketAddress stun1("stun.l.google.com", 19302);
@@ -225,12 +222,11 @@ TEST_F(PeerConnectionFactoryTest, CreatePCUsingNoUsernameInUri) {
   ice_server.username = kTurnUsername;
   ice_server.password = kTurnPassword;
   config.servers.push_back(ice_server);
-  std::unique_ptr<DtlsIdentityStoreInterface> dtls_identity_store(
-      new FakeDtlsIdentityStore());
-  rtc::scoped_refptr<PeerConnectionInterface> pc(
-      factory_->CreatePeerConnectionWithStore(
-          config, nullptr, std::move(port_allocator_),
-          std::move(dtls_identity_store), &observer_));
+  std::unique_ptr<FakeRTCCertificateGenerator> cert_generator(
+      new FakeRTCCertificateGenerator());
+  rtc::scoped_refptr<PeerConnectionInterface> pc(factory_->CreatePeerConnection(
+      config, nullptr, std::move(port_allocator_), std::move(cert_generator),
+      &observer_));
   ASSERT_TRUE(pc.get() != NULL);
   std::vector<cricket::RelayServerConfig> turn_servers;
   cricket::RelayServerConfig turn("test.com", 1234, kTurnUsername,
@@ -247,12 +243,11 @@ TEST_F(PeerConnectionFactoryTest, CreatePCUsingTurnUrlWithTransportParam) {
   ice_server.uri = kTurnIceServerWithTransport;
   ice_server.password = kTurnPassword;
   config.servers.push_back(ice_server);
-  std::unique_ptr<DtlsIdentityStoreInterface> dtls_identity_store(
-      new FakeDtlsIdentityStore());
-  rtc::scoped_refptr<PeerConnectionInterface> pc(
-      factory_->CreatePeerConnectionWithStore(
-          config, nullptr, std::move(port_allocator_),
-          std::move(dtls_identity_store), &observer_));
+  std::unique_ptr<FakeRTCCertificateGenerator> cert_generator(
+      new FakeRTCCertificateGenerator());
+  rtc::scoped_refptr<PeerConnectionInterface> pc(factory_->CreatePeerConnection(
+      config, nullptr, std::move(port_allocator_), std::move(cert_generator),
+      &observer_));
   ASSERT_TRUE(pc.get() != NULL);
   std::vector<cricket::RelayServerConfig> turn_servers;
   cricket::RelayServerConfig turn("hello.com", kDefaultStunPort, "test",
@@ -273,12 +268,11 @@ TEST_F(PeerConnectionFactoryTest, CreatePCUsingSecureTurnUrl) {
   ice_server.uri = kSecureTurnIceServerWithoutTransportAndPortParam;
   ice_server.password = kTurnPassword;
   config.servers.push_back(ice_server);
-  std::unique_ptr<DtlsIdentityStoreInterface> dtls_identity_store(
-      new FakeDtlsIdentityStore());
-  rtc::scoped_refptr<PeerConnectionInterface> pc(
-      factory_->CreatePeerConnectionWithStore(
-          config, nullptr, std::move(port_allocator_),
-          std::move(dtls_identity_store), &observer_));
+  std::unique_ptr<FakeRTCCertificateGenerator> cert_generator(
+      new FakeRTCCertificateGenerator());
+  rtc::scoped_refptr<PeerConnectionInterface> pc(factory_->CreatePeerConnection(
+      config, nullptr, std::move(port_allocator_), std::move(cert_generator),
+      &observer_));
   ASSERT_TRUE(pc.get() != NULL);
   std::vector<cricket::RelayServerConfig> turn_servers;
   cricket::RelayServerConfig turn1("hello.com", kDefaultStunTlsPort, "test",
@@ -309,12 +303,11 @@ TEST_F(PeerConnectionFactoryTest, CreatePCUsingIPLiteralAddress) {
   ice_server.uri = kTurnIceServerWithIPv6Address;
   ice_server.password = kTurnPassword;
   config.servers.push_back(ice_server);
-  std::unique_ptr<DtlsIdentityStoreInterface> dtls_identity_store(
-      new FakeDtlsIdentityStore());
-  rtc::scoped_refptr<PeerConnectionInterface> pc(
-      factory_->CreatePeerConnectionWithStore(
-          config, nullptr, std::move(port_allocator_),
-          std::move(dtls_identity_store), &observer_));
+  std::unique_ptr<FakeRTCCertificateGenerator> cert_generator(
+      new FakeRTCCertificateGenerator());
+  rtc::scoped_refptr<PeerConnectionInterface> pc(factory_->CreatePeerConnection(
+      config, nullptr, std::move(port_allocator_), std::move(cert_generator),
+      &observer_));
   ASSERT_TRUE(pc.get() != NULL);
   cricket::ServerAddresses stun_servers;
   rtc::SocketAddress stun1("1.2.3.4", 1234);
diff --git a/webrtc/api/peerconnectioninterface.h b/webrtc/api/peerconnectioninterface.h
index 3a1b8dd988..5ff8019a04 100644
--- a/webrtc/api/peerconnectioninterface.h
+++ b/webrtc/api/peerconnectioninterface.h
@@ -603,46 +603,12 @@ class PeerConnectionFactoryInterface : public rtc::RefCountInterface {
       std::unique_ptr<cricket::PortAllocator> allocator,
       std::unique_ptr<rtc::RTCCertificateGeneratorInterface> cert_generator,
       PeerConnectionObserver* observer) = 0;
-  // TODO(hbos): To be removed in favor of the |cert_generator| version as soon
-  // as unittests stop using this version. See bugs.webrtc.org/5707,
-  // bugs.webrtc.org/5708.
-  rtc::scoped_refptr<PeerConnectionInterface> CreatePeerConnectionWithStore(
-      const PeerConnectionInterface::RTCConfiguration& configuration,
-      const MediaConstraintsInterface* constraints,
-      std::unique_ptr<cricket::PortAllocator> allocator,
-      std::unique_ptr<DtlsIdentityStoreInterface> dtls_identity_store,
-      PeerConnectionObserver* observer) {
-    return CreatePeerConnection(
-        configuration,
-        constraints,
-        std::move(allocator),
-        std::unique_ptr<rtc::RTCCertificateGeneratorInterface>(
-            dtls_identity_store ? new RTCCertificateGeneratorStoreWrapper(
-                std::move(dtls_identity_store)) : nullptr),
-        observer);
-  }
 
   virtual rtc::scoped_refptr<PeerConnectionInterface> CreatePeerConnection(
       const PeerConnectionInterface::RTCConfiguration& configuration,
       std::unique_ptr<cricket::PortAllocator> allocator,
       std::unique_ptr<rtc::RTCCertificateGeneratorInterface> cert_generator,
       PeerConnectionObserver* observer) = 0;
-  // TODO(hbos): To be removed in favor of the |cert_generator| version as soon
-  // as unittests stop using this version. See bugs.webrtc.org/5707,
-  // bugs.webrtc.org/5708.
-  rtc::scoped_refptr<PeerConnectionInterface> CreatePeerConnectionWithStore(
-      const PeerConnectionInterface::RTCConfiguration& configuration,
-      std::unique_ptr<cricket::PortAllocator> allocator,
-      std::unique_ptr<DtlsIdentityStoreInterface> dtls_identity_store,
-      PeerConnectionObserver* observer) {
-    return CreatePeerConnection(
-        configuration,
-        std::move(allocator),
-        std::unique_ptr<rtc::RTCCertificateGeneratorInterface>(
-            dtls_identity_store ? new RTCCertificateGeneratorStoreWrapper(
-                std::move(dtls_identity_store)) : nullptr),
-        observer);
-  }
 
   virtual rtc::scoped_refptr<MediaStreamInterface>
       CreateLocalMediaStream(const std::string& label) = 0;
diff --git a/webrtc/api/peerconnectioninterface_unittest.cc b/webrtc/api/peerconnectioninterface_unittest.cc
index 88a25b6f7b..7addbec477 100644
--- a/webrtc/api/peerconnectioninterface_unittest.cc
+++ b/webrtc/api/peerconnectioninterface_unittest.cc
@@ -26,7 +26,7 @@
 #include "webrtc/api/test/androidtestinitializer.h"
 #endif
 #include "webrtc/api/test/fakeconstraints.h"
-#include "webrtc/api/test/fakedtlsidentitystore.h"
+#include "webrtc/api/test/fakertccertificategenerator.h"
 #include "webrtc/api/test/fakevideotracksource.h"
 #include "webrtc/api/test/mockpeerconnectionobservers.h"
 #include "webrtc/api/test/testsdpstrings.h"
@@ -595,17 +595,17 @@ class PeerConnectionInterfaceTest : public testing::Test {
           webrtc::MediaConstraintsInterface::kEnableDtlsSrtp, false);
     }
 
-    std::unique_ptr<webrtc::DtlsIdentityStoreInterface> dtls_identity_store;
+    std::unique_ptr<rtc::RTCCertificateGeneratorInterface> cert_generator;
     bool dtls;
     if (FindConstraint(constraints,
                        webrtc::MediaConstraintsInterface::kEnableDtlsSrtp,
                        &dtls,
                        nullptr) && dtls) {
-      dtls_identity_store.reset(new FakeDtlsIdentityStore());
+      cert_generator.reset(new FakeRTCCertificateGenerator());
     }
-    pc_ = pc_factory_->CreatePeerConnectionWithStore(
+    pc_ = pc_factory_->CreatePeerConnection(
         config, constraints, std::move(port_allocator),
-        std::move(dtls_identity_store), &observer_);
+        std::move(cert_generator), &observer_);
     ASSERT_TRUE(pc_.get() != NULL);
     observer_.SetPeerConnectionInterface(pc_.get());
     EXPECT_EQ(PeerConnectionInterface::kStable, observer_.state_);
diff --git a/webrtc/api/test/fakedtlsidentitystore.h b/webrtc/api/test/fakertccertificategenerator.h
similarity index 86%
rename from webrtc/api/test/fakedtlsidentitystore.h
rename to webrtc/api/test/fakertccertificategenerator.h
index 58de38fb32..eaef737765 100644
--- a/webrtc/api/test/fakedtlsidentitystore.h
+++ b/webrtc/api/test/fakertccertificategenerator.h
@@ -8,8 +8,8 @@
  *  be found in the AUTHORS file in the root of the source tree.
  */
 
-#ifndef WEBRTC_API_TEST_FAKEDTLSIDENTITYSERVICE_H_
-#define WEBRTC_API_TEST_FAKEDTLSIDENTITYSERVICE_H_
+#ifndef WEBRTC_API_TEST_FAKERTCCERTIFICATEGENERATOR_H_
+#define WEBRTC_API_TEST_FAKERTCCERTIFICATEGENERATOR_H_
 
 #include <memory>
 #include <string>
@@ -118,13 +118,14 @@ static const rtc::RTCCertificatePEM kEcdsaPems[] = {
         "-----END CERTIFICATE-----\n")
 };
 
-class FakeDtlsIdentityStore : public webrtc::DtlsIdentityStoreInterface,
-                              public rtc::MessageHandler {
+class FakeRTCCertificateGenerator
+    : public rtc::RTCCertificateGeneratorInterface,
+      public rtc::MessageHandler {
  public:
   typedef rtc::TypedMessageData<rtc::scoped_refptr<
-      webrtc::DtlsIdentityRequestObserver> > MessageData;
+      rtc::RTCCertificateGeneratorCallback> > MessageData;
 
-  FakeDtlsIdentityStore() : should_fail_(false) {}
+  FakeRTCCertificateGenerator() : should_fail_(false) {}
 
   void set_should_fail(bool should_fail) {
     should_fail_ = should_fail;
@@ -133,16 +134,16 @@ class FakeDtlsIdentityStore : public webrtc::DtlsIdentityStoreInterface,
   void use_original_key() { key_index_ = 0; }
   void use_alternate_key() { key_index_ = 1; }
 
-  void RequestIdentity(
+  void GenerateCertificateAsync(
       const rtc::KeyParams& key_params,
       const rtc::Optional<uint64_t>& expires_ms,
-      const rtc::scoped_refptr<webrtc::DtlsIdentityRequestObserver>&
-          observer) override {
+      const rtc::scoped_refptr<rtc::RTCCertificateGeneratorCallback>&
+          callback) override {
     // The certificates are created from constant PEM strings and use its coded
     // expiration time, we do not support modifying it.
     RTC_DCHECK(!expires_ms);
     MessageData* msg = new MessageData(
-        rtc::scoped_refptr<webrtc::DtlsIdentityRequestObserver>(observer));
+        rtc::scoped_refptr<rtc::RTCCertificateGeneratorCallback>(callback));
     uint32_t msg_id;
     // Only supports RSA-1024-0x10001 and ECDSA-P256.
     if (should_fail_) {
@@ -160,22 +161,15 @@ class FakeDtlsIdentityStore : public webrtc::DtlsIdentityStoreInterface,
   }
 
   static rtc::scoped_refptr<rtc::RTCCertificate> GenerateCertificate() {
-    std::unique_ptr<rtc::SSLIdentity> identity;
     switch (rtc::KT_DEFAULT) {
     case rtc::KT_RSA:
-      identity.reset(
-          rtc::SSLIdentity::FromPEMStrings(kRsaPems[0].private_key(),
-                                           kRsaPems[0].certificate()));
-      break;
+      return rtc::RTCCertificate::FromPEM(kRsaPems[0]);
     case rtc::KT_ECDSA:
-      identity.reset(
-          rtc::SSLIdentity::FromPEMStrings(kEcdsaPems[0].private_key(),
-                                           kEcdsaPems[0].certificate()));
-      break;
+      return rtc::RTCCertificate::FromPEM(kEcdsaPems[0]);
     default:
       RTC_NOTREACHED();
+      return nullptr;
     }
-    return rtc::RTCCertificate::Create(std::move(identity));
   }
 
  private:
@@ -206,21 +200,21 @@ class FakeDtlsIdentityStore : public webrtc::DtlsIdentityStoreInterface,
   // rtc::MessageHandler implementation.
   void OnMessage(rtc::Message* msg) override {
     MessageData* message_data = static_cast<MessageData*>(msg->pdata);
-    rtc::scoped_refptr<webrtc::DtlsIdentityRequestObserver> observer =
+    rtc::scoped_refptr<rtc::RTCCertificateGeneratorCallback> callback =
         message_data->data();
+    rtc::scoped_refptr<rtc::RTCCertificate> certificate;
     switch (msg->message_id) {
       case MSG_SUCCESS_RSA:
       case MSG_SUCCESS_ECDSA: {
         rtc::KeyType key_type =
             msg->message_id == MSG_SUCCESS_RSA ? rtc::KT_RSA : rtc::KT_ECDSA;
-        std::unique_ptr<rtc::SSLIdentity> identity(
-            rtc::SSLIdentity::FromPEMStrings(get_key(key_type),
-                                             get_cert(key_type)));
-        observer->OnSuccess(std::move(identity));
+        certificate = rtc::RTCCertificate::FromPEM(get_pem(key_type));
+        RTC_DCHECK(certificate);
+        callback->OnSuccess(certificate);
         break;
       }
       case MSG_FAILURE:
-        observer->OnFailure(0);
+        callback->OnFailure();
         break;
     }
     delete message_data;
@@ -230,4 +224,4 @@ class FakeDtlsIdentityStore : public webrtc::DtlsIdentityStoreInterface,
   int key_index_ = 0;
 };
 
-#endif  // WEBRTC_API_TEST_FAKEDTLSIDENTITYSERVICE_H_
+#endif  // WEBRTC_API_TEST_FAKERTCCERTIFICATEGENERATOR_H_
diff --git a/webrtc/api/test/peerconnectiontestwrapper.cc b/webrtc/api/test/peerconnectiontestwrapper.cc
index f4027da6f3..450a908520 100644
--- a/webrtc/api/test/peerconnectiontestwrapper.cc
+++ b/webrtc/api/test/peerconnectiontestwrapper.cc
@@ -10,8 +10,8 @@
 
 #include <utility>
 
-#include "webrtc/api/test/fakedtlsidentitystore.h"
 #include "webrtc/api/test/fakeperiodicvideocapturer.h"
+#include "webrtc/api/test/fakertccertificategenerator.h"
 #include "webrtc/api/test/mockpeerconnectionobservers.h"
 #include "webrtc/api/test/peerconnectiontestwrapper.h"
 #include "webrtc/base/gunit.h"
@@ -79,12 +79,12 @@ bool PeerConnectionTestWrapper::CreatePc(
   webrtc::PeerConnectionInterface::IceServer ice_server;
   ice_server.uri = "stun:stun.l.google.com:19302";
   config.servers.push_back(ice_server);
-  std::unique_ptr<webrtc::DtlsIdentityStoreInterface> dtls_identity_store(
-      rtc::SSLStreamAdapter::HaveDtlsSrtp() ? new FakeDtlsIdentityStore()
+  std::unique_ptr<rtc::RTCCertificateGeneratorInterface> cert_generator(
+      rtc::SSLStreamAdapter::HaveDtlsSrtp() ? new FakeRTCCertificateGenerator()
                                             : nullptr);
-  peer_connection_ = peer_connection_factory_->CreatePeerConnectionWithStore(
-      config, constraints, std::move(port_allocator),
-      std::move(dtls_identity_store), this);
+  peer_connection_ = peer_connection_factory_->CreatePeerConnection(
+      config, constraints, std::move(port_allocator), std::move(cert_generator),
+      this);
 
   return peer_connection_.get() != NULL;
 }
diff --git a/webrtc/api/webrtcsession_unittest.cc b/webrtc/api/webrtcsession_unittest.cc
index 571e1994f4..f2ac38c438 100644
--- a/webrtc/api/webrtcsession_unittest.cc
+++ b/webrtc/api/webrtcsession_unittest.cc
@@ -19,7 +19,7 @@
 #include "webrtc/api/jsepsessiondescription.h"
 #include "webrtc/api/peerconnection.h"
 #include "webrtc/api/sctputils.h"
-#include "webrtc/api/test/fakedtlsidentitystore.h"
+#include "webrtc/api/test/fakertccertificategenerator.h"
 #include "webrtc/api/videotrack.h"
 #include "webrtc/api/webrtcsession.h"
 #include "webrtc/api/webrtcsessiondescriptionfactory.h"
@@ -376,13 +376,12 @@ class WebRtcSessionTest
     network_manager_.RemoveInterface(addr);
   }
 
-  // If |dtls_identity_store| != null or |rtc_configuration| contains
-  // |certificates| then DTLS will be enabled unless explicitly disabled by
-  // |rtc_configuration| options. When DTLS is enabled a certificate will be
-  // used if provided, otherwise one will be generated using the
-  // |dtls_identity_store|.
+  // If |cert_generator| != null or |rtc_configuration| contains |certificates|
+  // then DTLS will be enabled unless explicitly disabled by |rtc_configuration|
+  // options. When DTLS is enabled a certificate will be used if provided,
+  // otherwise one will be generated using the |cert_generator|.
   void Init(
-      std::unique_ptr<webrtc::DtlsIdentityStoreInterface> dtls_identity_store) {
+      std::unique_ptr<rtc::RTCCertificateGeneratorInterface> cert_generator) {
     ASSERT_TRUE(session_.get() == NULL);
     session_.reset(new WebRtcSessionForTest(
         media_controller_.get(), rtc::Thread::Current(), rtc::Thread::Current(),
@@ -397,9 +396,6 @@ class WebRtcSessionTest
     EXPECT_EQ(PeerConnectionInterface::kIceGatheringNew,
         observer_.ice_gathering_state_);
 
-    std::unique_ptr<rtc::RTCCertificateGeneratorInterface> cert_generator(
-        dtls_identity_store ? new webrtc::RTCCertificateGeneratorStoreWrapper(
-            std::move(dtls_identity_store)) : nullptr);
     EXPECT_TRUE(session_->Initialize(options_, std::move(cert_generator),
                                      configuration_));
     session_->set_metrics_observer(metrics_observer_);
@@ -431,25 +427,25 @@ class WebRtcSessionTest
   // Successfully init with DTLS; with a certificate generated and supplied or
   // with a store that generates it for us.
   void InitWithDtls(RTCCertificateGenerationMethod cert_gen_method) {
-    std::unique_ptr<FakeDtlsIdentityStore> dtls_identity_store;
+    std::unique_ptr<FakeRTCCertificateGenerator> cert_generator;
     if (cert_gen_method == ALREADY_GENERATED) {
       configuration_.certificates.push_back(
-          FakeDtlsIdentityStore::GenerateCertificate());
+          FakeRTCCertificateGenerator::GenerateCertificate());
     } else if (cert_gen_method == DTLS_IDENTITY_STORE) {
-      dtls_identity_store.reset(new FakeDtlsIdentityStore());
-      dtls_identity_store->set_should_fail(false);
+      cert_generator.reset(new FakeRTCCertificateGenerator());
+      cert_generator->set_should_fail(false);
     } else {
       RTC_CHECK(false);
     }
-    Init(std::move(dtls_identity_store));
+    Init(std::move(cert_generator));
   }
 
   // Init with DTLS with a store that will fail to generate a certificate.
   void InitWithDtlsIdentityGenFail() {
-    std::unique_ptr<FakeDtlsIdentityStore> dtls_identity_store(
-        new FakeDtlsIdentityStore());
-    dtls_identity_store->set_should_fail(true);
-    Init(std::move(dtls_identity_store));
+    std::unique_ptr<FakeRTCCertificateGenerator> cert_generator(
+        new FakeRTCCertificateGenerator());
+    cert_generator->set_should_fail(true);
+    Init(std::move(cert_generator));
   }
 
   void InitWithDtmfCodec() {
@@ -4106,7 +4102,7 @@ TEST_P(WebRtcSessionTest, TestSctpDataChannelOpenMessage) {
 
 TEST_P(WebRtcSessionTest, TestUsesProvidedCertificate) {
   rtc::scoped_refptr<rtc::RTCCertificate> certificate =
-      FakeDtlsIdentityStore::GenerateCertificate();
+      FakeRTCCertificateGenerator::GenerateCertificate();
 
   configuration_.certificates.push_back(certificate);
   Init();