I think a large part of my problem is the creation of a Certificate authority.
This will get a little Hypothetical so let me lay a few facts out on the table. Mandriva 2007 discontinues CA.sh in favor of CA.pl Certificates as far as I know, at least the demo certs are in /etc/pki/tls - not /usr/lib/ssl Its very possible, that said Certificate authority for Radius could hypothetically be used layer for IPSec. This being the case, what would the best strategy be for implementing a PKI CA. Should I make one Cert for every host? One server host and one client Cert for all hosts? Different CAs for different Services? How will Mandriva's architecture change affect this? - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
