During testing, it was observed that large numbers of nodes cause the gencerts scripts to take a large amount of time to process.
This was due to a loop in the middle of the code that performs a brute force name search by processing all signed certificates.
I have an incoming patch that appears to alleviate the issue.