PKI guarantees that a machine is who it says it is through a 3-party system? What about processes on the same machine? I want to validate that a signed or encrypted message came from a specific process.
Strictly speaking, a PKI can validate that a message comes from an entity that has access to a certain private key. So, if you can ensure that only your specific process has access to the given private key, Bob's your uncle!
I think that a simple read lock should fulfill your requirement of giving merely one process access to a certificate repository. I caught a glimpse of the existing literature and found a patent about a read and write lock management at https://www.google.com/patents/US6029190. I hope it helps you.