The framework intentionally supports both. You could get a certificate per service provider or per DID.