diff --git a/policy/modules/services/abrt.te b/policy/modules/services/abrt.te
index 93d31d5..98646c4 100644
--- a/policy/modules/services/abrt.te
+++ b/policy/modules/services/abrt.te
@@ -136,7 +136,7 @@ sysnet_read_config(abrt_t)
 logging_read_generic_logs(abrt_t)
 logging_send_syslog_msg(abrt_t)
 
-miscfiles_read_certs(abrt_t)
+miscfiles_read_generic_certs(abrt_t)
 miscfiles_read_localization(abrt_t)
 
 userdom_dontaudit_read_user_home_content_files(abrt_t)
diff --git a/policy/modules/services/amavis.te b/policy/modules/services/amavis.te
index cf34b4e..3e8002a 100644
--- a/policy/modules/services/amavis.te
+++ b/policy/modules/services/amavis.te
@@ -143,7 +143,7 @@ init_stream_connect_script(amavis_t)
 
 logging_send_syslog_msg(amavis_t)
 
-miscfiles_read_certs(amavis_t)
+miscfiles_read_generic_certs(amavis_t)
 miscfiles_read_localization(amavis_t)
 
 sysnet_dns_name_resolve(amavis_t)
diff --git a/policy/modules/services/apache.te b/policy/modules/services/apache.te
index e33b9cd..08dfa0c 100644
--- a/policy/modules/services/apache.te
+++ b/policy/modules/services/apache.te
@@ -410,7 +410,7 @@ logging_send_syslog_msg(httpd_t)
 miscfiles_read_localization(httpd_t)
 miscfiles_read_fonts(httpd_t)
 miscfiles_read_public_files(httpd_t)
-miscfiles_read_certs(httpd_t)
+miscfiles_read_generic_certs(httpd_t)
 
 seutil_dontaudit_search_config(httpd_t)
 
diff --git a/policy/modules/services/automount.te b/policy/modules/services/automount.te
index a3eaf94..39799db 100644
--- a/policy/modules/services/automount.te
+++ b/policy/modules/services/automount.te
@@ -141,7 +141,7 @@ logging_send_syslog_msg(automount_t)
 logging_search_logs(automount_t)
 
 miscfiles_read_localization(automount_t)
-miscfiles_read_certs(automount_t)
+miscfiles_read_generic_certs(automount_t)
 
 # Run mount in the mount_t domain.
 mount_domtrans(automount_t)
diff --git a/policy/modules/services/avahi.te b/policy/modules/services/avahi.te
index e4c76d0..b7bf6f0 100644
--- a/policy/modules/services/avahi.te
+++ b/policy/modules/services/avahi.te
@@ -85,7 +85,7 @@ init_signull_script(avahi_t)
 logging_send_syslog_msg(avahi_t)
 
 miscfiles_read_localization(avahi_t)
-miscfiles_read_certs(avahi_t)
+miscfiles_read_generic_certs(avahi_t)
 
 sysnet_domtrans_ifconfig(avahi_t)
 sysnet_manage_config(avahi_t)
diff --git a/policy/modules/services/bind.te b/policy/modules/services/bind.te
index 2be1518..4deca04 100644
--- a/policy/modules/services/bind.te
+++ b/policy/modules/services/bind.te
@@ -142,7 +142,7 @@ auth_use_nsswitch(named_t)
 logging_send_syslog_msg(named_t)
 
 miscfiles_read_localization(named_t)
-miscfiles_read_certs(named_t)
+miscfiles_read_generic_certs(named_t)
 
 userdom_dontaudit_use_unpriv_user_fds(named_t)
 userdom_dontaudit_search_user_home_dirs(named_t)
diff --git a/policy/modules/services/certmaster.if b/policy/modules/services/certmaster.if
index 27fe7ca..9629d3d 100644
--- a/policy/modules/services/certmaster.if
+++ b/policy/modules/services/certmaster.if
@@ -110,8 +110,8 @@ interface(`certmaster_admin',`
 	allow $2 system_r;
 
 	files_list_etc($1)
-	miscfiles_manage_cert_dirs($1)	
-	miscfiles_manage_cert_files($1)	
+	miscfiles_manage_generic_cert_dirs($1)	
+	miscfiles_manage_generic_cert_files($1)	
 
 	admin_pattern($1, certmaster_etc_rw_t)
 
diff --git a/policy/modules/services/certmonger.te b/policy/modules/services/certmonger.te
index 9e83ed7..7106981 100644
--- a/policy/modules/services/certmonger.te
+++ b/policy/modules/services/certmonger.te
@@ -54,7 +54,7 @@ files_list_tmp(certmonger_t)
 logging_send_syslog_msg(certmonger_t)
 
 miscfiles_read_localization(certmonger_t)
-miscfiles_manage_cert_files(certmonger_t)
+miscfiles_manage_generic_cert_files(certmonger_t)
 
 sysnet_dns_name_resolve(certmonger_t)
 
diff --git a/policy/modules/services/cyrus.te b/policy/modules/services/cyrus.te
index 2a0f1c1..e182bf4 100644
--- a/policy/modules/services/cyrus.te
+++ b/policy/modules/services/cyrus.te
@@ -104,7 +104,7 @@ libs_exec_lib_files(cyrus_t)
 logging_send_syslog_msg(cyrus_t)
 
 miscfiles_read_localization(cyrus_t)
-miscfiles_read_certs(cyrus_t)
+miscfiles_read_generic_certs(cyrus_t)
 
 sysnet_read_config(cyrus_t)
 
diff --git a/policy/modules/services/dbus.te b/policy/modules/services/dbus.te
index b738e94..b354128 100644
--- a/policy/modules/services/dbus.te
+++ b/policy/modules/services/dbus.te
@@ -127,7 +127,7 @@ logging_send_audit_msgs(system_dbusd_t)
 logging_send_syslog_msg(system_dbusd_t)
 
 miscfiles_read_localization(system_dbusd_t)
-miscfiles_read_certs(system_dbusd_t)
+miscfiles_read_generic_certs(system_dbusd_t)
 
 seutil_read_config(system_dbusd_t)
 seutil_read_default_contexts(system_dbusd_t)
diff --git a/policy/modules/services/dovecot.te b/policy/modules/services/dovecot.te
index 14c6a2e..cbe14e4 100644
--- a/policy/modules/services/dovecot.te
+++ b/policy/modules/services/dovecot.te
@@ -141,7 +141,7 @@ auth_use_nsswitch(dovecot_t)
 
 logging_send_syslog_msg(dovecot_t)
 
-miscfiles_read_certs(dovecot_t)
+miscfiles_read_generic_certs(dovecot_t)
 miscfiles_read_localization(dovecot_t)
 
 userdom_dontaudit_use_unpriv_user_fds(dovecot_t)
diff --git a/policy/modules/services/exim.te b/policy/modules/services/exim.te
index db36bfa..f28f64b 100644
--- a/policy/modules/services/exim.te
+++ b/policy/modules/services/exim.te
@@ -120,7 +120,7 @@ auth_use_nsswitch(exim_t)
 logging_send_syslog_msg(exim_t)
 
 miscfiles_read_localization(exim_t)
-miscfiles_read_certs(exim_t)
+miscfiles_read_generic_certs(exim_t)
 
 userdom_dontaudit_search_user_home_dirs(exim_t)
 
diff --git a/policy/modules/services/fetchmail.te b/policy/modules/services/fetchmail.te
index c92403b..dc2c044 100644
--- a/policy/modules/services/fetchmail.te
+++ b/policy/modules/services/fetchmail.te
@@ -79,7 +79,7 @@ domain_use_interactive_fds(fetchmail_t)
 logging_send_syslog_msg(fetchmail_t)
 
 miscfiles_read_localization(fetchmail_t)
-miscfiles_read_certs(fetchmail_t)
+miscfiles_read_generic_certs(fetchmail_t)
 
 sysnet_read_config(fetchmail_t)
 
diff --git a/policy/modules/services/ldap.te b/policy/modules/services/ldap.te
index ffa96c6..64fd1ff 100644
--- a/policy/modules/services/ldap.te
+++ b/policy/modules/services/ldap.te
@@ -109,7 +109,7 @@ auth_use_nsswitch(slapd_t)
 
 logging_send_syslog_msg(slapd_t)
 
-miscfiles_read_certs(slapd_t)
+miscfiles_read_generic_certs(slapd_t)
 miscfiles_read_localization(slapd_t)
 
 userdom_dontaudit_use_unpriv_user_fds(slapd_t)
diff --git a/policy/modules/services/networkmanager.te b/policy/modules/services/networkmanager.te
index 442cff9..0619395 100644
--- a/policy/modules/services/networkmanager.te
+++ b/policy/modules/services/networkmanager.te
@@ -131,7 +131,7 @@ auth_use_nsswitch(NetworkManager_t)
 logging_send_syslog_msg(NetworkManager_t)
 
 miscfiles_read_localization(NetworkManager_t)
-miscfiles_read_certs(NetworkManager_t)
+miscfiles_read_generic_certs(NetworkManager_t)
 
 modutils_domtrans_insmod(NetworkManager_t)
 
diff --git a/policy/modules/services/openvpn.te b/policy/modules/services/openvpn.te
index f3d5790..8b550f4 100644
--- a/policy/modules/services/openvpn.te
+++ b/policy/modules/services/openvpn.te
@@ -105,7 +105,7 @@ auth_use_pam(openvpn_t)
 logging_send_syslog_msg(openvpn_t)
 
 miscfiles_read_localization(openvpn_t)
-miscfiles_read_certs(openvpn_t)
+miscfiles_read_all_certs(openvpn_t)
 
 sysnet_dns_name_resolve(openvpn_t)
 sysnet_exec_ifconfig(openvpn_t)
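Review bot: `miscfiles_read_all_certs(openvpn_t)` is the one call site in this patch that widens access instead of renaming it, and nothing in the hunk says why. Going by the interface added in miscfiles.if, it grants directory listing and file/symlink read on every type carrying the `cert_type` attribute, whereas the other converted domains stay on `cert_t` via `miscfiles_read_generic_certs`. Any type a module later tags with `miscfiles_cert_type()` becomes readable by openvpn_t automatically, so the reason for the broader grant should sit next to the call, for example `# needs certs stored under module-specific cert types: <reason>`. If openvpn only reads the system cert directories, `miscfiles_read_generic_certs(openvpn_t)` would keep the previous scope.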
diff --git a/policy/modules/services/postfix.if b/policy/modules/services/postfix.if
index c48b45b..46bee12 100644
--- a/policy/modules/services/postfix.if
+++ b/policy/modules/services/postfix.if
@@ -90,7 +90,7 @@ template(`postfix_domain_template',`
 	logging_send_syslog_msg(postfix_$1_t)
 
 	miscfiles_read_localization(postfix_$1_t)
-	miscfiles_read_certs(postfix_$1_t)
+	miscfiles_read_generic_certs(postfix_$1_t)
 
 	userdom_dontaudit_use_unpriv_user_fds(postfix_$1_t)
 
diff --git a/policy/modules/services/radius.te b/policy/modules/services/radius.te
index c53f222..db6296a 100644
--- a/policy/modules/services/radius.te
+++ b/policy/modules/services/radius.te
@@ -110,7 +110,7 @@ libs_exec_lib_files(radiusd_t)
 logging_send_syslog_msg(radiusd_t)
 
 miscfiles_read_localization(radiusd_t)
-miscfiles_read_certs(radiusd_t)
+miscfiles_read_generic_certs(radiusd_t)
 
 userdom_dontaudit_use_unpriv_user_fds(radiusd_t)
 userdom_dontaudit_search_user_home_dirs(radiusd_t)
diff --git a/policy/modules/services/rpc.te b/policy/modules/services/rpc.te
index a3b9f86..8e1ab72 100644
--- a/policy/modules/services/rpc.te
+++ b/policy/modules/services/rpc.te
@@ -93,7 +93,7 @@ storage_getattr_fixed_disk_dev(rpcd_t)
 
 selinux_dontaudit_read_fs(rpcd_t)
 
-miscfiles_read_certs(rpcd_t)
+miscfiles_read_generic_certs(rpcd_t)
 
 seutil_dontaudit_search_config(rpcd_t)
 
@@ -208,7 +208,7 @@ files_dontaudit_write_var_dirs(gssd_t)
 auth_use_nsswitch(gssd_t)
 auth_manage_cache(gssd_t)
 
-miscfiles_read_certs(gssd_t)
+miscfiles_read_generic_certs(gssd_t)
 
 mount_signal(gssd_t)
 
diff --git a/policy/modules/services/sasl.te b/policy/modules/services/sasl.te
index 41d60ad..22184ad 100644
--- a/policy/modules/services/sasl.te
+++ b/policy/modules/services/sasl.te
@@ -79,7 +79,7 @@ init_dontaudit_stream_connect_script(saslauthd_t)
 logging_send_syslog_msg(saslauthd_t)
 
 miscfiles_read_localization(saslauthd_t)
-miscfiles_read_certs(saslauthd_t)
+miscfiles_read_generic_certs(saslauthd_t)
 
 seutil_dontaudit_read_config(saslauthd_t)
 
diff --git a/policy/modules/services/sendmail.te b/policy/modules/services/sendmail.te
index 53dd7d0..22dac1f 100644
--- a/policy/modules/services/sendmail.te
+++ b/policy/modules/services/sendmail.te
@@ -99,7 +99,7 @@ libs_read_lib_files(sendmail_t)
 logging_send_syslog_msg(sendmail_t)
 logging_dontaudit_write_generic_logs(sendmail_t)
 
-miscfiles_read_certs(sendmail_t)
+miscfiles_read_generic_certs(sendmail_t)
 miscfiles_read_localization(sendmail_t)
 
 userdom_dontaudit_use_unpriv_user_fds(sendmail_t)
diff --git a/policy/modules/services/squid.te b/policy/modules/services/squid.te
index e219c1f..4b2230e 100644
--- a/policy/modules/services/squid.te
+++ b/policy/modules/services/squid.te
@@ -160,7 +160,7 @@ libs_exec_lib_files(squid_t)
 
 logging_send_syslog_msg(squid_t)
 
-miscfiles_read_certs(squid_t)
+miscfiles_read_generic_certs(squid_t)
 miscfiles_read_localization(squid_t)
 
 userdom_use_unpriv_users_fds(squid_t)
diff --git a/policy/modules/services/ssh.if b/policy/modules/services/ssh.if
index 5437ffb..22adaca 100644
--- a/policy/modules/services/ssh.if
+++ b/policy/modules/services/ssh.if
@@ -388,7 +388,7 @@ template(`ssh_role_template',`
 	logging_send_syslog_msg($1_ssh_agent_t)
 
 	miscfiles_read_localization($1_ssh_agent_t)
-	miscfiles_read_certs($1_ssh_agent_t)
+	miscfiles_read_generic_certs($1_ssh_agent_t)
 
 	seutil_dontaudit_read_config($1_ssh_agent_t)
 
diff --git a/policy/modules/services/virt.te b/policy/modules/services/virt.te
index 3cce663..3eca020 100644
--- a/policy/modules/services/virt.te
+++ b/policy/modules/services/virt.te
@@ -277,7 +277,7 @@ term_use_ptmx(virtd_t)
 auth_use_nsswitch(virtd_t)
 
 miscfiles_read_localization(virtd_t)
-miscfiles_read_certs(virtd_t)
+miscfiles_read_generic_certs(virtd_t)
 miscfiles_read_hwdata(virtd_t)
 
 modutils_read_module_deps(virtd_t)
diff --git a/policy/modules/services/w3c.te b/policy/modules/services/w3c.te
index 2dec92e..1174ad8 100644
--- a/policy/modules/services/w3c.te
+++ b/policy/modules/services/w3c.te
@@ -19,6 +19,6 @@ corenet_tcp_sendrecv_http_port(httpd_w3c_validator_script_t)
 corenet_tcp_connect_http_cache_port(httpd_w3c_validator_script_t)
 corenet_tcp_sendrecv_http_cache_port(httpd_w3c_validator_script_t)
 
-miscfiles_read_certs(httpd_w3c_validator_script_t)
+miscfiles_read_generic_certs(httpd_w3c_validator_script_t)
 
 sysnet_dns_name_resolve(httpd_w3c_validator_script_t)
diff --git a/policy/modules/system/authlogin.if b/policy/modules/system/authlogin.if
index 7fddc24..bea0ade 100644
--- a/policy/modules/system/authlogin.if
+++ b/policy/modules/system/authlogin.if
@@ -357,7 +357,7 @@ interface(`auth_domtrans_chk_passwd',`
 
 	logging_send_audit_msgs($1)
 
-	miscfiles_read_certs($1)
+	miscfiles_read_generic_certs($1)
 
 	optional_policy(`
 		kerberos_read_keytab($1)
@@ -1505,7 +1505,7 @@ interface(`auth_use_nsswitch',`
 	# read /etc/nsswitch.conf
 	files_read_etc_files($1)
 
-	miscfiles_read_certs($1)
+	miscfiles_read_generic_certs($1)
 
 	sysnet_dns_name_resolve($1)
 	sysnet_use_ldap($1)
diff --git a/policy/modules/system/authlogin.te b/policy/modules/system/authlogin.te
index 7233a6d..54d122b 100644
--- a/policy/modules/system/authlogin.te
+++ b/policy/modules/system/authlogin.te
@@ -280,7 +280,7 @@ init_use_script_ptys(pam_console_t)
 logging_send_syslog_msg(pam_console_t)
 
 miscfiles_read_localization(pam_console_t)
-miscfiles_read_certs(pam_console_t)
+miscfiles_read_generic_certs(pam_console_t)
 
 seutil_read_file_contexts(pam_console_t)
 
diff --git a/policy/modules/system/miscfiles.if b/policy/modules/system/miscfiles.if
index 17de283..0b6b31d 100644
--- a/policy/modules/system/miscfiles.if
+++ b/policy/modules/system/miscfiles.if
@@ -2,16 +2,79 @@
 
 ########################################
 ## <summary>
-##	Read system SSL certificates.
+##	Make the specified type usable as a cert file.
+## </summary>
+## <desc>
+##	<p>
+##	Make the specified type usable for cert files.
+##	This will also make the type usable for files, making
+##	calls to files_type() redundant.  Failure to use this interface
+##	for a temporary file may result in problems with
+##	cert management tools.
+##	</p>
+##	<p>
+##	Related interfaces:
+##	</p>
+##	<ul>
+##		<li>files_type()</li>
+##	</ul>
+##	<p>
+##	Example:
+##	</p>
+##	<p>
+##	type mycertfile_t;
+##	cert_type(mycertfile_t)
+##	allow mydomain_t mycertfile_t:file read_file_perms;
+##	files_search_etc(mydomain_t)
+##	</p>
+## </desc>
+## <param name="type">
+##	<summary>
+##	Type to be used for files.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+interface(`miscfiles_cert_type',`
+	gen_require(`
+		attribute cert_type;
+	')
+
+	typeattribute $1 cert_type;
+	files_type($1)
+')
+
+########################################
+## <summary>
+##	Read all SSL certificates.
 ## </summary>
 ## <param name="domain">
 ##	<summary>
 ##	Domain allowed access.
 ##	</summary>
 ## </param>
-## <rolecap/>
 #
-interface(`miscfiles_read_certs',`
+interface(`miscfiles_read_all_certs',`
+	gen_require(`
+		attribute cert_type;
+	')
+
+	allow $1 cert_type:dir list_dir_perms;
+	read_files_pattern($1, cert_type, cert_type)
+	read_lnk_files_pattern($1, cert_type, cert_type)
+')
+
+########################################
+## <summary>
+##	Read generic SSL certificates.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+interface(`miscfiles_read_generic_certs',`
 	gen_require(`
 		type cert_t;
 	')
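Review bot: The example in the `miscfiles_cert_type` description calls `cert_type(mycertfile_t)`, which is the attribute name rather than the interface; it should read `miscfiles_cert_type(mycertfile_t)`. The sentence "Failure to use this interface for a temporary file" and the parameter summary "Type to be used for files." look carried over from another interface's documentation and would read better as "for a cert file" and "Type to be used for cert files." The summary of `miscfiles_read_all_certs` should also state that it covers every type with the `cert_type` attribute, so callers see that its scope grows as modules add cert types. The body of `miscfiles_read_generic_certs` continues outside this hunk.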
@@ -23,16 +86,15 @@ interface(`miscfiles_read_certs',`
 
 ########################################
 ## <summary>
-##	manange system SSL certificates.
+##	Manage generic SSL certificates.
 ## </summary>
 ## <param name="domain">
 ##	<summary>
 ##	Domain allowed access.
 ##	</summary>
 ## </param>
-## <rolecap/>
 #
-interface(`miscfiles_manage_cert_dirs',`
+interface(`miscfiles_manage_generic_cert_dirs',`
 	gen_require(`
 		type cert_t;
 	')
@@ -42,16 +104,15 @@ interface(`miscfiles_manage_cert_dirs',`
 
 ########################################
 ## <summary>
-##	manange system SSL certificates.
+##	Manage generic SSL certificates.
 ## </summary>
 ## <param name="domain">
 ##	<summary>
 ##	Domain allowed access.
 ##	</summary>
 ## </param>
-## <rolecap/>
 #
-interface(`miscfiles_manage_cert_files',`
+interface(`miscfiles_manage_generic_cert_files',`
 	gen_require(`
 		type cert_t;
 	')
@@ -62,6 +123,51 @@ interface(`miscfiles_manage_cert_files',`
 
 ########################################
 ## <summary>
+##	Read SSL certificates.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+interface(`miscfiles_read_certs',`
+	miscfiles_read_generic_certs($1)
+	refpolicywarn(`$0() has been deprecated, please use miscfiles_read_generic_certs() instead.')
+')
+
+########################################
+## <summary>
+##	Manage SSL certificates.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+interface(`miscfiles_manage_cert_dirs',`
+	miscfiles_manage_generic_cert_dirs($1)
+	refpolicywarn(`$0() has been deprecated, please use miscfiles_manage_generic_cert_dirs() instead.')
+')
+
+########################################
+## <summary>
+##	Manage SSL certificates.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+interface(`miscfiles_manage_cert_files',`
+	miscfiles_manage_generic_cert_files($1)
+	refpolicywarn(`$0() has been deprecated, please use miscfiles_manage_generic_cert_files() instead.')
+')
+
+########################################
+## <summary>
 ##	Read fonts.
 ## </summary>
 ## <param name="domain">
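Review bot: The three compatibility wrappers emit a deprecation warning at build time, but their `<summary>` text gives no hint of it, so the generated interface documentation presents them as current. Marking each summary would fix that, e.g. `##	Read SSL certificates.  (Deprecated)`, with the same suffix on the two "Manage SSL certificates." summaries. Those two summaries are also identical for `miscfiles_manage_cert_dirs` and `miscfiles_manage_cert_files`; saying "directories" and "files" would tell them apart. The "Read fonts" interface that ends this hunk continues outside it.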
diff --git a/policy/modules/system/miscfiles.te b/policy/modules/system/miscfiles.te
index 4ac5d56..1447bed 100644
--- a/policy/modules/system/miscfiles.te
+++ b/policy/modules/system/miscfiles.te
@@ -5,12 +5,13 @@ policy_module(miscfiles, 1.8.0)
 # Declarations
 #
 
+attribute cert_type;
+
 #
 # cert_t is the type of files in the system certs directories.
 #
 type cert_t;
-files_type(cert_t)
-
+miscfiles_cert_type(cert_t)
 #
 # fonts_t is the type of various font
 # files in /usr
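Review bot: The new `attribute cert_type;` declaration has no comment, although every type declared below it is introduced by one. A short header such as `# cert_type is assigned to all certificate file types via miscfiles_cert_type().` would tell module authors how the attribute is meant to be attached. The hunk also removes the blank line that separated the `cert_t` declaration from the `fonts_t` comment block; keeping an empty line after `miscfiles_cert_type(cert_t)` preserves the file's spacing between declarations.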
diff --git a/policy/modules/system/userdomain.if b/policy/modules/system/userdomain.if
index 8b4f6d8..2aa8928 100644
--- a/policy/modules/system/userdomain.if
+++ b/policy/modules/system/userdomain.if
@@ -103,7 +103,7 @@ template(`userdom_base_user_template',`
 	libs_exec_ld_so($1_t)
 
 	miscfiles_read_localization($1_t)
-	miscfiles_read_certs($1_t)
+	miscfiles_read_generic_certs($1_t)
 
 	sysnet_read_config($1_t)