EJBCA

EJBCA stands for Enterprise JavaBeans Certification Authority. It is a Free Software implementation of a certification authority coming from Swedish company PrimeKey. The application is written in Java, using the JEE5 specification (as of version 4.0.0), and is released under LGPL license. It's meant to be run on top of Java application servers, and it supports several application server implementations, both proprietary and Free Software ones.

In addition to implementing an X.509 certification authority, it also provides services of a validation authority (namely OCSP responder), registration authority, and even a certificate repository. It's quite feature-packed, and supports several database backends for storing certificates and private keys of users (if set-up to do so).

EJBCA also has two some small flaws. The first one is the inability to parse the certificate signing requests for purpose of obtaining subject details (only the public key is extracted from it). The second flaw is that the interface can feel a bit clunky at times. Otherwise it's probably the best Free Software implementation out there in all of the features it provides.