We are developing a system that makes use of Certificate Server. But only our system is visible from the Internet; CS is hidden behind the firewall.
We've developed a solution that makes it possible to request a certificate from our system, which then forwards the request to CS, and vice versa: we fetch the page which installs the certificate and forward it to the end user.
But when it comes to renewal, we have a problem.
The CS interface for certificate renewal expects that the user authenticates with their expiring (or expired) certificate, and then CS generates a new certificate (with validity customized via the console) and installs it in the client browser.
We expected functionality similar to requesting a certificate: the user fills out the request, sends it to CS, and the admin, after checking it, issues the certificate. Moreover, the admin is responsible for renewing the certificate, not the user, as in the previous scenario.
Also, authenticating with a client certificate makes it impossible for us to forward the request and response (we cannot fetch the certificate from the user's browser to use it for communication with CS)...
Maybe some of you have a solution that satisfies our needs?
Maybe CS has another interface, which we didn't explore, allowing certificate renewal without presenting the user certificate.
Or you developed your own custom solution that could be suitable for us...