Multiple puppet masters; some dedicated masters as CA; how to redirect ssl proxy request; puppetserver ?

[rhpupp...@gmail.com]

We currently have a handful number of puppet masters and using apache-passenger stack to run puppet master service. We use set of dedicated puppet master servers as CA servers. So any ssl request that come to a puppet master , will redirect to proxy server which is dedicated CA puppet master.  We have setting something like this which is working.

#cat /etc/httpd/conf.d/pup_ca.conf

SSLProxyEngine On # Proxy all requests that start with things like /production/certificate to the CA ProxyPassMatch ^/([^/]+/certificate.*)$ https://puppetca.example.com:8140/$1

Now we are planning to migrate our puppet master service to puppetserver instead of apache-passenger stack. I've read all the puppetlabs documentation but couldn't find an option to set ssl certificate proxy redirect something like above.

If anyone know how we can get this feature on puppetserver, please let me know the configuration file name and show me an example.

For testing purpose, i'm currently using CA=<CA servername> in puppet agent's puppet.conf file but i wanted to manage this at master level.

Thanks in advance for any response. 

[Antony Fomenko]

http://docs.puppetlabs.com/puppetserver/2.1/external_ca_configuration.html