A webserver needs to be configured to handle the SSL XML-RPC requests from the puppets, because the mongrel server type is not capable of performing SSL.

The webserver is going to listen on port 8140, the default port for the puppetmaster to listen for clients. It is going to forward traffic (after being decrypted) to the puppetmaster on 127.0.0.1:8141.

Setting up the webserver requires you install httpd and mod_ssl. If these are not installed already, use:

# yum install httpd mod_ssl

Refer to Appendix A, Example SSL Frontend Reverse Proxy Load Balancer Configuration for more an example VirtualHost configuration for an SSL frontend reverse proxy load balancer.