EJBCA is an open source certification authority (PKI). It's build on the J2EE standard so it's off-course completely cross platform.
Version 3.1.3 has been subject to quite some enterprise testing and contains things like better support for HSMs and SCEP, along with more exotic features such as support for RSA-PSS signatures.

The EJBCA homepage: http://ejbca.org/
The news post at sourceforge: http://sourceforge.net/forum/forum.php?forum_id=515642
See the complete changelog: http://jira.primekey.se/browse/ECA?report=com.atlassian.jira.plugin.system.project:changelog-panel

What new features would you like to see in open source PKI?