Make sure you have adequate random entropy to strongly create all those certs. Consider installing haveged. In fact install it on all your servers, as randomness is needed for every TLS setup and message.
I really don't think the cert management interface is rich enough. I don't expect to dig into this for a couple weeks so could be wrong on my assessment.