No need to reinvent the wheel when we already have an eclass in place for this; see openldap, postfix or other ebuilds. ;) (Or I can attach a patch if you'd like, just let me know).
You are welcome to write a patch, since it uses pem files for several things, and I don't know how to get it fixed.
Considering Bug 174759, lets just close this.