It really depends on how much access outside of the internal network is allowed to those internal devices (or in to them).
The simplest solution would be to RSYNC the folder with the certs from the outside system to an inside system (RSYNC can sync from either direction).
If the networks are really really separated, then you could maybe allow the internal systems to retrieve the cert information via some proxied method (like DNS) so there is no direct contact from the inside systems to any outside systems (only through the proxy).
But again, all solutions start with the answer to the question: How much access does the internal network have to any other network, or vice versa?
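An added example, not part of the original post, of the rsync approach mentioned above: the inside host pulls the folder, and the sketch goes one step further by checking the synced files before they replace the live ones. The host name, paths, PEM file names and reload command are assumptions.

```shell
#!/bin/sh
# Added example: pull certs from the outside host, validate, then install.
# Assumed (not from the post): host name, paths, PEM file names, reload command.
REMOTE="certsync@outside.example.net:/srv/certs/example.org/"   # hypothetical
STAGE="/var/lib/certsync/stage"                                 # hypothetical
LIVE="/etc/ssl/example.org"                                     # hypothetical

# validate_staged DIR [MIN_SECS]: succeed only if DIR holds a certificate that
# stays valid for MIN_SECS more seconds and a private key that matches it.
validate_staged() {
    dir=$1; min=${2:-86400}
    [ -s "$dir/fullchain.pem" ] && [ -s "$dir/privkey.pem" ] || return 1
    openssl x509 -in "$dir/fullchain.pem" -noout -checkend "$min" >/dev/null 2>&1 || return 1
    cert_pub=$(openssl x509 -in "$dir/fullchain.pem" -noout -pubkey 2>/dev/null) || return 1
    key_pub=$(openssl pkey -in "$dir/privkey.pem" -pubout 2>/dev/null) || return 1
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# install_staged SRC DST: copy each file under a temporary name, restrict its
# mode, then rename it so a reader never sees a half-written file.
install_staged() {
    src=$1; dst=$2
    mkdir -p "$dst" || return 1
    for f in fullchain.pem privkey.pem; do
        cp "$src/$f" "$dst/.$f.new" && chmod 600 "$dst/.$f.new" \
            && mv "$dst/.$f.new" "$dst/$f" || return 1
    done
}

# pull_certs: rsync over SSH, started from the inside host so the outside
# system needs no inbound path. -L copies the files symlinks point to.
pull_certs() {
    mkdir -p "$STAGE" && chmod 700 "$STAGE" || return 1
    rsync -aL --delete -e "ssh -o BatchMode=yes" "$REMOTE" "$STAGE/"
}

if [ "${1:-}" = "--run" ]; then
    pull_certs || { echo "pull failed" >&2; exit 1; }
    validate_staged "$STAGE" || { echo "staged files rejected" >&2; exit 1; }
    install_staged "$STAGE" "$LIVE" && systemctl reload nginx   # assumed service
fi
```

Run it with `--run` from cron or a timer on the inside host; a failed pull or a rejected staging directory leaves the live files untouched.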