The PKI Project is the first project of the OpenCA LABS. It is a collaborative effort to develop a robust, full-featured and Open Source out-of-the-box Certification Authority implementing the most used protocols with full-strength cryptography world-wide. OpenCA PKI is based on many Open-Source Projects. Among the supported software is PERL, OpenLDAP, OpenSSL, Apache Project, Apache mod_ssl.

The OpenCA OCSPD project is aimed to develop a robust and easy-to-install OCSP daemon. The server is developed as a stand-alone application and can be integrated into many different PKI solutions as it does not depend on specific database scheme. Furthermore it can be configured to serve as a server for differen CAs.

The libPKI project is aimed to provide an easy-to-use PKI library for PKI enabled application development. The library provides the developer with all the needed functionalities to manage certificates, from generation to validation. The layered structure enables the libPKI to use different cryptographic providers, e.g. OpenSSL or KMF.

The PRQPD package is aimed to provide a PRQP server and a command line client. The package implements the PKI Resource Query Protocol (PRQP), a protocol that can be used by applications in order to discover PKI services and repositories. An Internet Draft (I-D) is available from IETF. The basic concept of the protocol is to provide a way to answer to the question "where is the URL for service X from this CA ?". The protocol envisages the presence of an Authority, called Resource Query Authority (RQA) which is entitled to provide such data from the CA itself. Read More...

The OpenCA-ng project is the natural evolution of the OpenCA PKI one. Indeed OpenCA-ng stands for OpenCA Next Generation. The ng project is aimed to provide a next generation PKI to overcome the limitations of current trust infrastructures by supporting new features like on-line enrollment, multiple Point of Access, Peer-to-peer collaborative network, and federated identities.