Which linux x86 hardware keystore?

If you've chosen your SSL implementation, then it will constrain your choice of hardware. Favor hardware that has been supported long-term by the official release, as-is.

Before bothering with tamper-resistant hardware to protect your keys, it's worth considering some other issues:

A stolen certificate is only useful while DNS is also hijacked. (SSL uses Diffie-Hellman to prevent passive attacks, so the thief would need to be an active Man-in-the-Middle, impersonating you.)

SSL is only as secure as the weakest CA (Certificate Authority) that it trusts. Browsers had 2 major CAs (Comodo, DigiNotar) publically compromised in the past 2 years. If possible (not in web commerce, obviously), install your certificate without a CA.

Apply the shortest practical expiration time for your certificates.

Someone who breaks into your SSL terminator does not need your certificate to do major harm. He can hide there, funnel and filter traffic (e.g. taking credit card numbers), and use steganography to undetectably retrieve the result.

Commercial crypto hardware has a terrible security record. There have been timing attacks, fault injection (voltage, radiation) attacks, and traditional bugs. They are closed, for-profit products; they have strong motive to conceal flaws -- as revealed dramatically in the case of RSA SecureID.