Listen 8140
<VirtualHost *:8140>
	SSLEngine on
	SSLCipherSuite SSLv2:-LOW:-EXPORT:RC4+RSA
	SSLCertificateFile      /var/lib/puppet/ssl/certs/puppet-server.inqnet.at.pem
	SSLCertificateKeyFile   /var/lib/puppet/ssl/private_keys/puppet-server.inqnet.at.pem
	SSLCertificateChainFile /var/lib/puppet/ssl/ca/ca_crt.pem
	SSLCACertificateFile    /var/lib/puppet/ssl/ca/ca_crt.pem
	# If Apache complains about invalid signatures on the CRL, you can try disabling
	# CRL checking by commenting the next line.
	SSLCARevocationFile     /var/lib/puppet/ssl/ca/ca_crl.pem
	SSLVerifyClient optional
	SSLVerifyDepth  1
	SSLOptions +StdEnvVars

	# The following client headers allow the same configuration to work with Pound.
	RequestHeader set X-SSL-Subject %{SSL_CLIENT_S_DN}e
	RequestHeader set X-Client-DN %{SSL_CLIENT_S_DN}e
	RequestHeader set X-Client-Verify %{SSL_CLIENT_VERIFY}e

	RackAutoDetect On
	DocumentRoot /usr/share/puppet/rack/puppetmasterd/public/
	<Directory /usr/share/puppet/rack/puppetmasterd/>
		Options None
		AllowOverride None
		Order allow,deny
		allow from all
	</Directory>
</VirtualHost>