How to set up Mutual Authentication with IIS and a normal website.
Posted on 2006-07-03
I am not really sure how to go about this. We have just been approached by a large financial corporate, wanting to use our website.
They have all sorts of requirements we have to conform to first, however; one of them is to do with security.
All of their users are behind some type of firewall/proxy, and they want this thing to have to mutually authenticate with our website. Our website is a normal type of website; it has an SSL certificate and people log in with usernames and passwords. Clients can either enforce the SSL on their group of users, or it is optional.
The site is hosted on a Windows 2000 Server IIS5.0 installation.
They have said they would give me their certificate, and we give them ours. I think this will probably affect existing customers, so we need a new website in IIS pointing to the same folder, with a new certificate. Not sure how to go about it after that.
Can someone please explain to me in layman's terms what they are trying to do, if it will affect existing customers, and how I do it? I would appreciate it greatly. This question is urgent for us as we need to get up to speed on this so we can discuss with them by end of week.