The certification authority, being the central part of every X.509-capable environment, requires a lot of careful planning prior to deployment. There are many important aspects that need to be taken care of, with security of the certification authority being one of the main concerns.

There are several Free Software implementations that can be used for the purpose of certification authority:

- Dogtag
- OpenCA
- OpenSSL

The last one of these, **OpenSSL** is not strictly a certification authority in itself, but the functionality it provides through the command-line utilities can be utilised as a poor-man's certification authority nevertheless (there's plenty of guides on this throughout the Internet).