The new version (v0.6.7/Papocchio) of LibPKI is available. Major changes over v0.6.5 are: fixed OCSP response initialization, added support for DNS url for retrieving DNS records via the simple URL_* interface, added initial support for Lightweight Internet Revocation Tokens (LIRTs) Download the new version for your system in the LibPKI download pages.

The new version (v0.6.5/Hope) of LibPKI is available. Major changes over v0.6.4 are: fixed a key-encoding error in OpenSSL, added new pki-siginfo tool to ease signature info gathering for X509 objs, added PKI_X509_KEYPAIR_get_curve() to get curve related to an EC key, added possibility to load any type of X509 objects by using PKI_X509_get() with PKI_DATATYPE_ANY as a type, fixed an error when setting the signature algorithm in PKI_X509_CERT_new(), enhanced support for ECDSA key management. Download the new version for your system in the LibPKI download pages.

The new version (v0.6.4/Broadway) of LibPKI is available. Major changes over v0.6.3 are: fixed HTTP code (memory allocation error), enhanced command-line tool for CRL manipulation (pki-crl). Download the new version for your system in the LibPKI download pages.

A new version of the OCSPD responder is available for download. Major improvements over the last publicly available version are: Updated default configuration files (default passin set to none), enhanced support for ECDSA support, updated thread management with builtin support from LibPKI 0.6.3, fixed start/stop script, fixed a memory error in config.c causing segfault on CRL reload, deleted extra two bytes sent out after the DER encoding of the response is written (that was causing Firefox/Thunderbird not to validate the answer), fixed an error in return code check for PKI_NET_listen, fixed error in config parsing when no bind address was provided.

The new version (Viper/v0.6.3) of LibPKI is available. Major changes over v0.6.1 are: extended support for ECDSA (via profile/keyParams in profile configuration files), fixed linker issues on Solaris, added pki-cert command line tool, fixed ocsp library code. Download the new version for your system in the LibPKI download pages.

The demo online CA is back online due to great demand from people interested in the OpenCA PKI software. We will try to keep it online as much as possible, please be warned, though, that it is just a DEMO service and no liability is implied.

Current version of the Online CA is v1.1.1.

Due to a bug in Firefox (memory management), you need to have the OCSPD to be compiled against the LibPKI v0.6.1+. Please download the source code and re-compile the daemon once you updated the crypto library.

A new version of the OCSPD responder is available for download. Major improvements over the last publicly available version (mostly coming from supporting for LibPKI v0.6.0) are: extensive support for hardware devices (PKCS#11 and OpenSSL Engine), multiple keypair and certificate support for response signatures, POST and GET support, IPv6 support.

The new version (Turkey/v0.6.0) of LibPKI is available. Major changes over v0.5.1 are: support for IPv6 in network calls, fixes for URL parsing and PKI_SSL_* interface enhancements. Get the new version for your system in the LibPKI download pages.

The new version (Zoiberg/v0.5.1) of LibPKI is available. Major changes over v0.5.0 are: better support for OS independent Thread Management together with thread synchronization primitives (mutexes, condition variables, and r/w locks, LDAP interface fixes. Get the new version for your system in the LibPKI download pages.

Yum repositories for OpenCA projects have been created. If your system supports Yum (and RPMs) you can use the provided links to install the repository configuration on your system.

The new version (lulu/v0.5.0) of LibPKI is available for download. Many changes to the library and bug fixing over the old version. In particular: added support for different OSes (initial support for Win port), added PKI_SSL and support for easy SSL/TLS management, added support for Win LDAP API, added support for 64bit architectures, added safe URL encoding for HTTP GET protocol, added platform-independed thread management.

The OpenCA Website has undergone a complete makeover to address incompatibities with some web browsers (IE) and to provide a cleaner interface for users. Please let us know if you like it here.

The problems with the OpenCA's servers have been fixed. Please let us know if you still experience any major inconvenience when using OpenCA services.