Hi,
I have 802.1x (PEAP-TLS) working fine with computer-based authentication; however, I find the following issue:
1.) The client has a valid certificate used for authentication from the internal CA.
2.) The same client also has an expired certificate which they use for another reason - IIS etc.
This supplicant will then fail authentication as it presents the expired certificate to NPS.
How can I force my valid cert to be used? (I cannot just delete the expired one as it will stop the IIS website etc.)
Also, what is the logic for which certificate the client will choose to present?
Thanks
Bill