Hi,
We need to deploy an IdM environment in a firewalled network with different
layers (untrusted/semi-trusted/trusted).
In the untrusted network there will be no IdM servers. In the trusted, we
will have replicas with the base services (LDAP/Kerberos/DNS). Hosts in
the untrusted zone will talk to these replicas.
In the trusted zone we will have replicas with the CA functionality as
well, and obviously the IdM servers will communicate between the
semi-trusted and trusted zone.
According to:
https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/...
"If you set up a replica without a CA, it will forward all requests for
certificate operations to the CA server in your topology."
The question is: will certmonger on hosts in the untrusted zone be able to
request and renew certificates and have the requests proxied to the trusted
zone servers with the CA service? I know mod_rewrite can do this using the
[P] flag (https://httpd.apache.org/docs/2.4/rewrite/proxy.html), but is
this something we can use for our goal?
Thanks!
--
Regards,
natxo