We are looking for an opportunity to request and enroll certificates on Android and iOS devices with certutil. Unfortunately we can't use an MDM. Requesting a certificate, exporting it and sending it via mail or getting it to the device via USB is also not allowed.
Now we are running a working CA and we export the certificate from the computer that requested the certificate and import it to the mobile device. But we can't continue with that workflow.
The new workflow should be as follows:
1. User with Android/iOS device goes to http://xxxxxxxxx
2. Website asks for some input, for example user name, department, device name and operating system (checkbox?).
3. This input should now be used to request and enroll a certificate to a specific device running a specific operating system.
4. Certificate installed on the device.
Is this even possible? What do I need for that? How can I run certutil on a webpage? My scripting/programming experience is nearly 0.