Let's say I want to import our internal root CA in the trust store of the API Gateway, which would make a lot of sense in terms of certificate management, and that I want to be 100% certain that it is trusted only for internal network addresses. How can I do that?
For example, say I take our internal root CA and sign a certificate that I use on a public server outside of our corporate network, and that I want the API Gateway to automatically refuse to trust it because it's a public address, is there a way to do this?