Our PCCE is in a dedicated network at our customer premises.
The contact center operators are in a different (client) network that Is separated from the CC network.
Thus, to use Finesse the customer wants to use a reverse proxy that maps all access URLS (e.g. https://<finesse FQDN>/desktop/…) to a particular URL (e.g.https://<another FQDN>:<a port>/). This mapping is called a “junction”.
Normally, when you log in to Finesse, you get 4 requests to create exceptions to certificates, using variations of the main URL on port 7443.
The customer doesn’t like this, so we let them sign Finesse Tomcat certificate with their internal CA, we uploaded it on Finesse and now when accessing Finesse with the standard URL everything works and the browser doesn’t show any red alert.
But when using the junction, Finesse asks again for the certificate acceptance on port 7443, but it mixes the finesse FQDN with the junction FQDN, so that it is not possible to reach the pages (they don’t actually exist).
I suspect (but I am not an expert) that some links requested by the Finesse login are static while other are dynamic.
Is there any documented or known way to have operators access Finesse that is behind a reverse proxy?