Unify x509 certs, keys and ca

right now, every service uses a seperate cert, key and ca, but they contain (mostly) the same content

one exception is the webapp which could use a commercial ca

(from redmine: created on 2013-09-13, closed on 2013-10-03, relates #3817 (closed), relates #3498)