More criteria for client certificate selection
Currently the selection criteria when more than one certificate is available are limited to the options “Client authentication capability”, “Certificate Subject contains string”, “Certificate Subject or SAN includes attribute”. This really limits the usability of the feature.
It would be great if there are additional selection criteria like “Issuer” or “Certificate Template”.
FULLY agree with this request.. the current selection criteria is really limited, and we have major issues with server certficates that also contain client authentication, and that have generic names in the SAN like Exchange and Lync.
I'd like to add to the request:
selection criteria: Application Policy.
So that we can create our own OID, add that OID to the requested Certificate Template, thus make sure that only certificate with the "SCCM OID" purpose are selected !
AdminAdam Meltzer (ConfigMgr Product Team) (Software Engineer, Microsoft Endpoint Configuration Manager) commented
While there's no way to select certificate template today, you can restrict based by issuer by selecting one or more root CAs in the administrator console.