diff --git a/app/src/androidTest/java/org/thoughtcrime/securesms/testing/FakeClientHelpers.kt b/app/src/androidTest/java/org/thoughtcrime/securesms/testing/FakeClientHelpers.kt
index a51b940e2c..24594ea9b1 100644
--- a/app/src/androidTest/java/org/thoughtcrime/securesms/testing/FakeClientHelpers.kt
+++ b/app/src/androidTest/java/org/thoughtcrime/securesms/testing/FakeClientHelpers.kt
@@ -2,8 +2,6 @@ package org.thoughtcrime.securesms.testing
 
 import okio.ByteString.Companion.toByteString
 import org.signal.core.util.Base64
-import org.signal.libsignal.internal.Native
-import org.signal.libsignal.internal.NativeHandleGuard
 import org.signal.libsignal.metadata.certificate.SenderCertificate
 import org.signal.libsignal.metadata.certificate.ServerCertificate
 import org.signal.libsignal.protocol.ecc.ECKeyPair
@@ -31,18 +29,8 @@ object FakeClientHelpers {
 
   fun createCertificateFor(trustRoot: ECKeyPair, uuid: UUID, e164: String, deviceId: Int, identityKey: ECPublicKey, expires: Long): SenderCertificate {
     val serverKey: ECKeyPair = ECKeyPair.generate()
-    NativeHandleGuard(serverKey.publicKey).use { serverPublicGuard ->
-      NativeHandleGuard(trustRoot.privateKey).use { trustRootPrivateGuard ->
-        val serverCertificate = ServerCertificate(Native.ServerCertificate_New(1, serverPublicGuard.nativeHandle(), trustRootPrivateGuard.nativeHandle()))
-        NativeHandleGuard(identityKey).use { identityGuard ->
-          NativeHandleGuard(serverCertificate).use { serverCertificateGuard ->
-            NativeHandleGuard(serverKey.privateKey).use { serverPrivateGuard ->
-              return SenderCertificate(Native.SenderCertificate_New(uuid.toString(), e164, deviceId, identityGuard.nativeHandle(), expires, serverCertificateGuard.nativeHandle(), serverPrivateGuard.nativeHandle()))
-            }
-          }
-        }
-      }
-    }
+    val serverCertificate = ServerCertificate(trustRoot.privateKey, 1, serverKey.publicKey)
+    return serverCertificate.issue(serverKey.privateKey, uuid.toString(), Optional.of(e164), deviceId, identityKey, expires)
   }
 
   fun getSealedSenderAccess(theirProfileKey: ProfileKey, senderCertificate: SenderCertificate): SealedSenderAccess? {
diff --git a/libsignal-service/src/main/java/org/whispersystems/signalservice/api/crypto/SignalSealedSessionCipher.java b/libsignal-service/src/main/java/org/whispersystems/signalservice/api/crypto/SignalSealedSessionCipher.java
index 6e1ed63e0e..650e9ed542 100644
--- a/libsignal-service/src/main/java/org/whispersystems/signalservice/api/crypto/SignalSealedSessionCipher.java
+++ b/libsignal-service/src/main/java/org/whispersystems/signalservice/api/crypto/SignalSealedSessionCipher.java
@@ -1,7 +1,5 @@
 package org.whispersystems.signalservice.api.crypto;
 
-import org.signal.libsignal.internal.Native;
-import org.signal.libsignal.internal.NativeHandleGuard;
 import org.signal.libsignal.metadata.InvalidMetadataMessageException;
 import org.signal.libsignal.metadata.InvalidMetadataVersionException;
 import org.signal.libsignal.metadata.ProtocolDuplicateMessageException;
diff --git a/microbenchmark/src/androidTest/java/org/signal/util/SignalClient.kt b/microbenchmark/src/androidTest/java/org/signal/util/SignalClient.kt
index 2a9a39bc28..21032fcede 100644
--- a/microbenchmark/src/androidTest/java/org/signal/util/SignalClient.kt
+++ b/microbenchmark/src/androidTest/java/org/signal/util/SignalClient.kt
@@ -2,8 +2,6 @@ package org.signal.util
 
 import okio.ByteString.Companion.toByteString
 import org.signal.core.util.Base64
-import org.signal.libsignal.internal.Native
-import org.signal.libsignal.internal.NativeHandleGuard
 import org.signal.libsignal.metadata.certificate.CertificateValidator
 import org.signal.libsignal.metadata.certificate.SenderCertificate
 import org.signal.libsignal.metadata.certificate.ServerCertificate
@@ -185,18 +183,8 @@ class SignalClient {
 
 private fun createCertificateFor(trustRoot: ECKeyPair, uuid: UUID, e164: String, deviceId: Int, identityKey: ECPublicKey, expires: Long): SenderCertificate {
   val serverKey: ECKeyPair = ECKeyPair.generate()
-  NativeHandleGuard(serverKey.publicKey).use { serverPublicGuard ->
-    NativeHandleGuard(trustRoot.privateKey).use { trustRootPrivateGuard ->
-      val serverCertificate = ServerCertificate(Native.ServerCertificate_New(1, serverPublicGuard.nativeHandle(), trustRootPrivateGuard.nativeHandle()))
-      NativeHandleGuard(identityKey).use { identityGuard ->
-        NativeHandleGuard(serverCertificate).use { serverCertificateGuard ->
-          NativeHandleGuard(serverKey.privateKey).use { serverPrivateGuard ->
-            return SenderCertificate(Native.SenderCertificate_New(uuid.toString(), e164, deviceId, identityGuard.nativeHandle(), expires, serverCertificateGuard.nativeHandle(), serverPrivateGuard.nativeHandle()))
-          }
-        }
-      }
-    }
-  }
+  val serverCertificate = ServerCertificate(trustRoot.privateKey, 1, serverKey.publicKey)
+  return serverCertificate.issue(serverKey.privateKey, uuid.toString(), Optional.of(e164), deviceId, identityKey, expires)
 }
 
 private class TestSessionLock : SignalSessionLock {