i''ve read the http://reductivelabs.com/trac/puppet/wiki/MultipleCertificateAuthorities and not quite sure if i''ve understood it correctly. i want to implement the following: puppet-front should only validate certificates from it''s clients, however if new client connects to it: a) puppet-front must redirect signing request to puppetCA b) puppetCA signs a request and returns certificate to puppet-front c) puppet-front returns it to requested client. if i''ve understood correctly, i should do the following: 1) install puppetCA as usual and configure puppetd.conf: ca=true 2) install puppet-front and configure puppetd.conf: ca=false ca_server = PuppetCA.FQDN 3) install puppet on client. please correct me if i''ve missed something thanks,yurii -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.