Full load of certificate crap

When will these vendors realize that 50% (if not 90%) of the problems with federation product implementation is from certificates..create/add/modify/delete/associate/whatever
If you don't make this steps clear and easy it's gonna be a pain in the ass...
Redirecting users to openssl, 3rd party CA is okay, as long as you document it properly!