Please take a look into this comment.
My case is similar to this. When old R3 expired, then we updated the new R3 certificates into our device manually. That's why we want to automate the process. So, every time RSA intermediate certificate (e.g. R3) expire, then our system will get latest RSA intermediate certificate (e.g. R3) and send new certificates to all devices.