Manages your OpenVPN PKI through a simple web application

thomas-maurice/PEMetrator

PEMetrator

OpenVPN PKI management web application.

PEMetrator is funny because PEM is a certificate file format. :)

What is this project about?

Have you ever tried to set up a PKI to use with OpenVPN?

As the documentation suggests, you might have used easy-rsa to manage your keys and certificates. But this solution is unsatisfying because it requires you to SSH into the server to perform any action, and it gives the users of your VPN no easy way to request or revoke a certificate, for instance.

This is what this project is about: making an OpenVPN PKI easy for everyone to use.

What does this project allow you to do?

Disclaimer

This project is quite young, and I plan on coding on it a lot. So this documentation is very likely to change in the next days :)

Create CAs

CAs (Certification Authorities) are the components that establish trust between your OpenVPN server and your clients. The CA signs the certificates for both of them, and provides the Certificate Revocation List (CRL), which is used to check whether a certificate has been compromised or not.

PEMetrator allows you to create certification authorities, which your users can then use to request certificates.

A CA has three important attributes:

  • A certificate, which the clients and servers must know in order to identify each other
  • A private key, used to sign certificate requests
  • A certificate revocation list used to let people know if a certificate has been revoked.

All these components (except the private key obviously!) are freely accessible to the clients so that they can configure their VPN accesses.

Create certificate requests

This enables the users to request certificates.

An administrator then has to sign them to make them valid.

Revoke certificates

A certificate can be revoked at any time by an administrator. The CRL is available to anyone.
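
The lifecycle described in the sections above (a CA with its certificate, private key and CRL; a user request; an administrator signature; a revocation), as an added example that is not PEMetrator's own code. It assumes the third-party `cryptography` package; all function names are hypothetical, and using the extended key usage extension to tell client and server certificates apart is an assumption, not something this README states.

```python
import datetime
from cryptography import x509  # assumption: third-party "cryptography" package
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric import ec
from cryptography.x509.oid import ExtendedKeyUsageOID, NameOID

NOW = datetime.datetime.now(datetime.timezone.utc)
DAY = datetime.timedelta(days=1)

def _name(cn):
    return x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, cn)])

def _builder(subject, issuer, public_key, days, is_ca):
    return (x509.CertificateBuilder().subject_name(subject).issuer_name(issuer)
            .public_key(public_key).serial_number(x509.random_serial_number())
            .not_valid_before(NOW - DAY).not_valid_after(NOW + days * DAY)
            .add_extension(x509.BasicConstraints(ca=is_ca, path_length=None), critical=True))

def create_ca(cn):
    key = ec.generate_private_key(ec.SECP256R1())
    return key, _builder(_name(cn), _name(cn), key.public_key(), 365, True).sign(key, hashes.SHA256())

def create_request(cn):
    # User side: the key stays with the requester, only the CSR is submitted.
    key = ec.generate_private_key(ec.SECP256R1())
    builder = x509.CertificateSigningRequestBuilder().subject_name(_name(cn))
    return key, builder.sign(key, hashes.SHA256())

def sign_request(ca_key, ca_cert, csr, server=False):
    # Administrator side: reject a CSR whose self-signature does not verify.
    if not csr.is_signature_valid:
        raise ValueError("CSR signature is invalid")
    eku = ExtendedKeyUsageOID.SERVER_AUTH if server else ExtendedKeyUsageOID.CLIENT_AUTH
    return (_builder(csr.subject, ca_cert.subject, csr.public_key(), 90, False)
            .add_extension(x509.ExtendedKeyUsage([eku]), critical=False)
            .sign(ca_key, hashes.SHA256()))

def build_crl(ca_key, ca_cert, revoked_serials):
    crl = x509.CertificateRevocationListBuilder().issuer_name(ca_cert.subject).last_update(NOW).next_update(NOW + DAY)
    for serial in revoked_serials:
        entry = x509.RevokedCertificateBuilder().serial_number(serial).revocation_date(NOW).build()
        crl = crl.add_revoked_certificate(entry)
    return crl.sign(ca_key, hashes.SHA256())

def is_revoked(crl, ca_cert, cert):
    # A CRL is public, so trust it only if the CA's key signed it.
    if not crl.is_signature_valid(ca_cert.public_key()):
        raise ValueError("CRL was not signed by this CA")
    return crl.get_revoked_certificate_by_serial_number(cert.serial_number) is not None
```

Because the CRL is downloadable by anyone, `is_revoked` checks its signature against the CA certificate before looking up the serial number.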

Create client and server certificates

Both of them are supported :)

Email notifications

When you create a certificate request, and when it is signed, the system sends the requester email notifications so that they can keep track of their certificate requests.

Technologies used

This web application is built using the following technologies:

  • Python.
  • Django.
  • Celery for all the asynchronous tasks such as certificate signing.
  • Bootstrap for the swag.

Deploy it for a test

To test the application, download this repo and create the appropriate database in MySQL, or edit settings.py to enable the SQLite backend. (Warning: the SQLite backend caused me headaches during development because it has an annoying tendency of deadlocking shit. Use MySQL or PostgreSQL!)

Run the following commands:

$ sudo service redis start # Mandatory for Celery
$ pip install -r requirements.txt # Install deps
$ python manage.py migrate
$ python manage.py createsuperuser
$ python manage.py runserver
# And in a second shell
$ python manage.py celeryd -v 2 -B -s celery -E -l INFO

Feedback

I accept feedback; you can let me know what you think through issues, pull requests and Twitter.
