Higher Education PKI
Technical Activities Group
(HEPKI-TAG)



Open Source PKI Software

Note: these CA software and crypto library packages are not listed in any specific order. Some of the newer and perhaps most interesting packages will be at the bottom of the list.

  • The OpenSSL Project
    The OpenSSL Project is a collaborative effort to develop an Open Source toolkit for implementing the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols as well as a full-strength general purpose cryptography library.

  • The OpenCA Project
    OpenCA is a collaborative effort to develop a full-featured Open Source Certification Authority.

  • The Netproject organization plans to field an open source entrant in the next round of the UK government PKI interoperability trials.

  • pyCA
    pyCA tries to make it easier for people to set up and run an organizational certificate authority which fulfills the need for fairly secure certification processing.

  • The PHPki Project
    A PHP based CA. Site has an on-line demo.

  • SimpleCA from the VPN Consortium
    A simple command line certification authority designed to be easy to deploy and operate. This was originally intended to support VPN deployments but is also generally useful in most PKI contexts. SimpleCA uses CryptLib (see below).

  • A Cryptography Library from cs.auckland.ac.nz
    A library useful on both Windows and Unix platforms. Along with basic crypto functions, the library contains CA functions and servers including those needed for SCEP, OCSP, Certificate Management, etc. Extensive logging is included in the system. Detailed documentation.

  • CSP: the simple PKI toolkit
    Certificate Service Provider is a Perl wrapper around OpenSSL that allows you to run multiple simple certificate authorities (CAs). CSP is designed to be simple (almost to a fault) and is ideally suited to small PKIs (< 1000 entities) where security is paramount.

  • EJBCA - The J2EE Certificate Authority
    EJBCA is an enterprise class PKI, meaning that you can use EJBCA to build a complete PKI infrastructure for your organisation. If you only want to issue a few single certificates for testing, there are probably options that will get you started quicker, but if you want a serious PKI we recommend EJBCA. This package supports nCipher and LUNA HSM hardware.

  • NewPKI
    NewPKI is a PKI based on the OpenSSL low-level API. All data is handled through a database, which provides a much more flexible PKI than with OpenSSL, for example by allowing a certificate to be found with a search engine. There is an SQL abstraction layer; the one provided is for a MySQL database.