How to add the ssl_client_dn to the Puppet Server log file running Puppet 4.6

asked 2016-09-02 08:14:36 -0600


In Passenger I can add the client certificate name to the logging file by using %{SSL_CLIENT_S_DN}e:

LogFormat "%v %h %l %u %t \"%r\" %>s %b %{SSL_CLIENT_S_DN}e"

I found the config file that I need to change for puppetserver 4.6: /etc/puppetlabs/puppetserver/request-logging.xml

But I can't find what I need to add to the pattern file to get the client's SSL DN logged.

With regards,


Hello, Found extra info? Even found in the jar file that the info was mapped to name But tried without success until now. Maybe if this is not possible I need to look into nginx/Apache SSL offloading. With regards, Richard

R.deVos ( 2016-09-05 10:00:47 -0600 )

1 Answer


answered 2016-09-06 10:23:55 -0600

camlow325

Unfortunately, I don't think there is a way to do this with the current logback Jetty access log functionality that Puppet Server is using. Using the same pattern documentation you mentioned, I also haven't found anything in the standard set of options which maps to the DN or CN of the client's X509Certificate.

If you have some sort of a proxy / load balancer between your agents and the master and are able to extract the DN from the client certificate and inject into the request as a header, e.g., X-Client-DN, then you could use the %i{X-Client-DN} in the request-logging.xml file in order to have the DN written to the access log file.

This would seem like a good feature to add to Puppet Server - and logback-access in general. If you'd like to pursue this further, you might open a feature request under the SERVER project at
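
A sketch of the proxy approach described in the answer above, as an added example that is not part of the original answer or of Puppet's shipped configuration. It assumes an Apache httpd reverse proxy with mod_ssl and mod_headers terminating TLS in front of Puppet Server; the appender layout, log path and the pattern fields other than %i{X-Client-DN} are assumptions.

```xml
<!-- Added example for /etc/puppetlabs/puppetserver/request-logging.xml.
     Appender layout and log path are assumed, not taken from the page.

     Proxy side (assumed: Apache httpd with mod_ssl and mod_headers).
     "RequestHeader set" replaces any X-Client-DN value the client sent,
     so a client-supplied header is never passed through to the log:

         SSLVerifyClient optional
         RequestHeader set X-Client-DN "%{SSL_CLIENT_S_DN}s"
-->
<configuration debug="false">
  <appender name="FILE" class="ch.qos.logback.core.FileAppender">
    <file>/var/log/puppetlabs/puppetserver/puppetserver-access.log</file>
    <append>true</append>
    <encoder class="ch.qos.logback.access.PatternLayoutEncoder">
      <!-- %i{X-Client-DN} writes the request header injected by the proxy.
           It is quoted because a DN contains spaces and commas. -->
      <pattern>%h %l %u [%t] "%r" %s %b "%i{X-Client-DN}"</pattern>
    </encoder>
  </appender>
  <appender-ref ref="FILE" />
</configuration>
```

The logged DN is only as trustworthy as the path it arrives on: if Puppet Server is reachable without going through the proxy, any client can send its own X-Client-DN header, so restrict the listener to the proxy's address.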


Last updated: Sep 06 '16