The goal of a PKI infrastructure (as defined in <a href="http://www.ietf.org/rfc/rfc3280.txt">RFC 3280</a>) is to meet the needs of deterministic, automated identification, authentication, access control, and authorization.
The administrator should be familiar with certain terms explained in the aforementioned RFC before attempting to put a PKI infrastructure in place. Briefly, these are:
hx509 (Heimdal x509 support) is a nearly complete X.509 stack that can handle CMS messages (the crypto system used in S/MIME and Kerberos PK-INIT) and basic certificate processing tasks: path construction, path validation, OCSP and CRL validation, PKCS10 message construction, CMS Encrypted (shared-secret encrypted), CMS SignedData (certificate signed), and CMS EnvelopedData (certificate encrypted).
hx509 can use PKCS11 tokens, PKCS12 files, PEM files, and/or DER-encoded files.