Taking the time to read up on the GridShib CA and MyProxy CA was very useful. They and phpki ultimately all are backened by an openssl configuration so in a sense are compatible with each other. The decision to use one over the other seems to mainly be about where one stores a cert and how one can retreive it. The GridShib CA has a great way of creating certs that are truely private (client-based key) so I'm guessing there is not a key store in GridShib CA. MyProxy CA would seem to have a keystore since it's backended by Simple CA. This makes it like phpki except that the interface is command-line versus web.
Checkout uabgridca project from metric. It's best to check this out
into your local web development space (eg. public_html) in order to run
cvs co uabgridca
Setup symbolic links to reflect a post-setup configured environment:
Create a user account system to define usernames. uabgridca leverages
web server authentication and the REMOTE_USER environment to identify
users and create certificates. Users cannot enter their own values for
key certificate fields.
htpasswd -s phpkipasswd
Secure the CA for developer user. Note: this is not "secure". It