Hello,

My configuration doesn't work! I can't sign a certificate with puppetca using mongrel + httpd.

OS : CentOS 5.3
puppet, puppetserver 0.25
httpd-2.2.3-22.el5.centos.1
httpd-devel-2.2.3-22.el5.centos.1
rubygem-mongrel_cluster-1.0.5-2.el5
rubygem-mongrel-1.0.1-6.el5

# cat /etc/httpd/conf.d/puppetmongrel.conf
Listen 8140
PidFile /var/run/puppet/balancer.pid
LoadModule proxy_module modules/mod_proxy.so
LoadModule proxy_http_module modules/mod_proxy_http.so
LoadModule proxy_balancer_module modules/mod_proxy_balancer.so
LoadModule headers_module modules/mod_headers.so
LoadModule ssl_module modules/mod_ssl.so
LoadModule authz_host_module modules/mod_authz_host.so
LoadModule log_config_module modules/mod_log_config.so
LoadModule env_module modules/mod_env.so

<Proxy balancer://puppetmaster>
    BalancerMember http://127.0.0.1:18140
    BalancerMember http://127.0.0.1:18141
    BalancerMember http://127.0.0.1:18142
    BalancerMember http://127.0.0.1:18143
    BalancerMember http://127.0.0.1:18144
    BalancerMember http://127.0.0.1:18145
</Proxy>

<VirtualHost *:8140>
    ServerName prodglv1
    SSLEngine on
    SSLCipherSuite SSLv2:-LOW:-EXPORT:RC4+RSA
    SSLCertificateFile /var/lib/puppet/ssl/certs/prodglv1.pem
    SSLCertificateKeyFile /var/lib/puppet/ssl/private_keys/ prodglv1.pem
    SSLCertificateChainFile /var/lib/puppet/ssl/ca/ca_crt.pem
    SSLCACertificateFile /var/lib/puppet/ssl/ca/ca_crt.pem
    SSLCARevocationFile /var/lib/puppet/ssl/ca/ca_crl.pem
    SSLVerifyClient optional
    SSLVerifyDepth 1
    SSLOptions +StdEnvVars
    RequestHeader set X-SSL-Subject %{SSL_CLIENT_S_DN}e
    RequestHeader set X-Client-DN %{SSL_CLIENT_S_DN}e
    RequestHeader set X-Client-Verify %{SSL_CLIENT_VERIFY}e
    <Location />
        SetHandler balancer-manager
        Order allow,deny
        Allow from all
    </Location>
    ProxyPass / balancer://puppetmaster:8140/
    ProxyPassReverse / balancer://puppetmaster:8140/
    ProxyPreserveHost On
    ProxyTimeout 120
    SetEnv force-proxy-request-1.0 1
    SetEnv proxy-nokeepalive 1
</VirtualHost>

# cat /etc/puppet.conf
[main]
# Where Puppet stores dynamic
and growing data.
# The default value is '/var/puppet'.
vardir = /var/lib/puppet
# The Puppet log directory.
# The default value is '$vardir/log'.
logdir = /var/log/puppet
# Where Puppet PID files are kept.
# The default value is '$vardir/run'.
rundir = /var/run/puppet
# Where SSL certificates are kept.
# The default value is '$confdir/ssl'.
ssldir = $vardir/ssl
autoflush = true

[puppetmasterd]
node_terminus = ldap
ldapserver = prodglv1
ldapbase = ou=test,c=fr

[dev]
modulepath = /etc/puppet/system/dev/modules:/etc/puppet/system/ default/modules
templatedir = /etc/puppet/system/dev/templates

# cat /etc/sysconfig/puppetmaster
PUPPETMASTER_MANIFEST=/etc/puppet/manifests/site.pp
PUPPETMASTER_LOG=/var/log/puppet/puppetmaster.log
PUPPETMASTER_PORTS=( 18140 18141 18142 18143 18144 18145 )

On my puppet client myServer:

# service puppet once
warning: peer certificate won't be verified in this SSL session
/usr/lib/ruby/site_ruby/1.8/puppet/indirector/rest.rb:55:in `deserialize': Error 502 on SERVER: Proxy Error (Net::HTTPError)
from /usr/lib/ruby/site_ruby/1.8/puppet/indirector/rest.rb:69:in `find'
from /usr/lib/ruby/site_ruby/1.8/puppet/indirector/indirection.rb: 198:in `find'
from /usr/lib/ruby/site_ruby/1.8/puppet/indirector.rb:51:in `find'
from /usr/lib/ruby/site_ruby/1.8/puppet/ssl/host.rb:175:in `certificate'
from /usr/lib/ruby/site_ruby/1.8/puppet/ssl/host.rb:238:in `wait_for_cert'
from /usr/lib/ruby/site_ruby/1.8/puppet/application/puppetd.rb:243:in `run_setup'
from /usr/lib/ruby/site_ruby/1.8/puppet/application.rb:216:in `run'
from /usr/lib/ruby/site_ruby/1.8/puppet/application.rb:306:in `exit_on_fail'
from /usr/lib/ruby/site_ruby/1.8/puppet/application.rb:216:in `run'
from /usr/sbin/puppetSystemd:159

On my puppet server:

# tail -f /var/log/puppet/balancer_error.log
[Mon Mar 08 17:14:56 2010] [error] [client 192.168.0.203] (70014)End of file found: proxy: error reading status line from remote server 127.0.0.1
[Mon Mar 08 17:14:56 2010] [error]
[client 192.168.0.203] proxy: Error reading from remote server returned by /topadSystem/certificate/ myServer

# tail -f /var/log/puppet/balancer_access.log
192.168.0.203 - - [08/Mar/2010:17:14:56 +0100] "GET /dev/certificate/ myServer HTTP/1.1" 502 534 "-" "-"

# tail -f /var/log/puppet/balancer_ssl_request.log
[08/Mar/2010:17:14:56 +0100] 192.168.0.203 TLSv1 RC4-SHA "GET /dev/ certificate/myServer HTTP/1.1" 534

I thought that the SetEnv directives would do the trick, but they don't... What's wrong?

Thanks for any help,
Charles

--
You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.