After a discussion on the debian-devel mailing list about having a system for unifying the way packages create SSL certificates, a couple of things became apparent. Firstly that the idea was a good one, and secondly that the existing tool that tries to do this (ssl-cert) is not good enough.
So I decided that I could do better and started writing the next generation of the tool. This version aims to have different modes of operation, and allow the system admin the choice of how certificates should be handled. As an added bonus it makes it easier for package maintainers to create and use SSL certificates.
You can see an overview of the design, and the current status of the work here. There is also the source code of the project in a bzr branch. I would welcome any comments that anyone has on the design of the project, as I am sure I haven't thought of every situation yet.