@dalen
Last active January 3, 2016 05:59
Optimize puppet CA using apache
In puppet.conf, add (not needed in recent Puppet versions, 3.5+ or something):
cadir = $ssldir/ca { mode = 775 }
cacert = $cadir/ca_crt.pem { mode = 664 }
csrdir = $cadir/requests { mode = 775 }
signeddir = $cadir/signed { mode = 775 }
In the Apache site configuration, add (change /etc/puppet/ssl to your ssldir path):
<IfModule mod_rewrite.c>
<Directory /etc/puppet/ssl/ca>
AllowOverride None
Allow from all
</Directory>
RewriteEngine on
RewriteCond %{THE_REQUEST} ^GET
RewriteRule ^/\w+/certificate_revocation_list/ca$ /etc/puppet/ssl/ca/ca_crl.pem [L,T=text/plain]
RewriteCond %{THE_REQUEST} ^GET
RewriteRule ^/\w+/certificate/ca$ /etc/puppet/ssl/ca/ca_crt.pem [L,T=text/plain]
RewriteCond %{THE_REQUEST} ^GET
RewriteRule ^/\w+/certificate/([A-Za-z\d\.-]+)$ /etc/puppet/ssl/ca/signed/$1.pem [L,T=text/plain]
RewriteCond %{THE_REQUEST} ^GET
RewriteRule ^/\w+/certificate_request/([A-Za-z\d\.-]+)$ /etc/puppet/ssl/ca/requests/$1.pem [L,T=text/plain]
</IfModule>
Enable mod_rewrite in Apache and restart it.
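To check which requests these rules serve straight from disk and which still reach the Puppet master, the following added example (not part of the original gist) replays the four RewriteRule patterns in Python over constructed request lines. It assumes the request path is already URL-decoded and that the ssldir is /etc/puppet/ssl; `static_target` and `inside_ca` are hypothetical helper names.

```python
import posixpath
import re

SSLDIR = "/etc/puppet/ssl"  # assumption: same ssldir as in the rules above

# Patterns and targets copied from the RewriteRule lines, in the same order.
# re.ASCII keeps \w and \d ASCII-only, matching PCRE's default in Apache.
RULES = [(re.compile(p, re.ASCII), SSLDIR + t) for p, t in [
    (r"^/\w+/certificate_revocation_list/ca$", "/ca/ca_crl.pem"),
    (r"^/\w+/certificate/ca$", "/ca/ca_crt.pem"),
    (r"^/\w+/certificate/([A-Za-z\d\.-]+)$", "/ca/signed/{0}.pem"),
    (r"^/\w+/certificate_request/([A-Za-z\d\.-]+)$", "/ca/requests/{0}.pem"),
]]

def static_target(request_line):
    """File Apache would serve for this request line, or None when no rule
    applies and the request is passed on to the Puppet master."""
    parts = request_line.split(" ")
    # RewriteCond %{THE_REQUEST} ^GET: only GET requests are rewritten.
    if len(parts) < 2 or not request_line.startswith("GET"):
        return None
    path = parts[1].split("?", 1)[0]  # rules match the URL path only
    for pattern, target in RULES:      # first match wins because of [L]
        m = pattern.match(path)
        if m:
            return target.format(*m.groups())
    return None

def inside_ca(target):
    """True if the resolved file stays under the CA directory."""
    return posixpath.normpath(target).startswith(SSLDIR + "/ca/")

# Constructed sample request lines (not taken from real traffic).
SAMPLES = [
    "GET /production/certificate/ca HTTP/1.1",
    "GET /production/certificate/agent01.example.com HTTP/1.1",
    "GET /production/certificate_request/agent01.example.com HTTP/1.1",
    "GET /production/certificate_revocation_list/ca HTTP/1.1",
    "PUT /production/certificate_request/agent01.example.com HTTP/1.1",
    "GET /production/certificate/sub/dir HTTP/1.1",
    "GET /production/catalog/agent01.example.com HTTP/1.1",
]

if __name__ == "__main__":
    for line in SAMPLES:
        print(line, "->", static_target(line) or "Puppet master")
```

Rule order matters here: the name `ca` also fits the signed-certificate pattern, so the CA certificate rule has to come before it, as it does in the gist.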