Hi all,
Currently I'm in the process of setting up an environment with computer-based certificates. The devices themselves are not joined to the AD domain, but are members of a specific OU group so they can be validated using Microsoft RADIUS (no ClearPass).
An important requirement is to be able to ensure a computer certificate can only be used by one device at a time.
The reason is to prevent multiple devices from using the same computer certificate in case the certificate gets cloned. Every device is required to have a unique certificate.
It would be even better if there were a way to have a device authenticate only with the computer certificate that has been assigned to that device itself, so that it is not able to authenticate with a valid certificate that is assigned to another device.
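As an added example (not from the original post, and not NPS code): the two checks asked for above, expressed as a small Go authorization routine of the kind a custom RADIUS/EAP-TLS back end could run after the TLS handshake. It assumes the issuing CA writes each device's name into the certificate's SAN, that the NAS supplies the client MAC as the RADIUS Calling-Station-Id, and that Accounting-Stop drives `Release`. The CA name, the device names (`laptop-a.corp.example` and so on) and the MAC addresses are constructed for the example.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"errors"
	"math/big"
	"time"
)

// sign builds a certificate from tmpl with a fresh P-256 key, signed by parent
// (self-signed when parent is nil), and returns the parsed certificate and its key.
func sign(tmpl, parent *x509.Certificate, parentKey *ecdsa.PrivateKey) (*x509.Certificate, *ecdsa.PrivateKey, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	if parent == nil {
		parent, parentKey = tmpl, key
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, &key.PublicKey, parentKey)
	if err != nil {
		return nil, nil, err
	}
	cert, err := x509.ParseCertificate(der)
	return cert, key, err
}

// NewDeviceCA creates a self-signed CA that stands in for the enterprise issuing CA (constructed for the example).
func NewDeviceCA() (*x509.Certificate, *ecdsa.PrivateKey, error) {
	return sign(&x509.Certificate{
		SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: "Example Device CA"},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(24 * time.Hour),
		IsCA: true, BasicConstraintsValid: true, KeyUsage: x509.KeyUsageCertSign,
	}, nil, nil)
}

var lastSerial int64 = 1000 // issuing CA's serial counter: every device certificate is unique
// IssueDeviceCert returns the DER of a client-auth certificate naming one device in its SAN (device key discarded).
func IssueDeviceCert(ca *x509.Certificate, caKey *ecdsa.PrivateKey, device string) ([]byte, error) {
	lastSerial++
	cert, _, err := sign(&x509.Certificate{
		SerialNumber: big.NewInt(lastSerial), Subject: pkix.Name{CommonName: device},
		DNSNames:     []string{device}, // the identity Authorize checks against
		NotBefore:    time.Now().Add(-time.Hour), NotAfter: time.Now().Add(24 * time.Hour),
		KeyUsage:     x509.KeyUsageDigitalSignature, ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth},
	}, ca, caKey)
	if err != nil {
		return nil, err
	}
	return cert.Raw, nil
}

var ErrChain = errors.New("certificate does not chain to the device CA")
var ErrBinding = errors.New("certificate is not the one assigned to this device")
var ErrInUse = errors.New("certificate already in use from another Calling-Station-Id")

// Authorizer holds the trust anchor and the table of certificates currently in use.
type Authorizer struct {
	roots  *x509.CertPool
	active map[string]string // certificate serial -> Calling-Station-Id currently holding it
}

func NewAuthorizer(root *x509.Certificate) *Authorizer {
	a := &Authorizer{roots: x509.NewCertPool(), active: map[string]string{}}
	a.roots.AddCert(root)
	return a
}

// Authorize runs after EAP-TLS validated the handshake: the certificate must chain to the device CA,
// name the claimed device in its SAN and not be held by another Calling-Station-Id; returns the serial.
func (a *Authorizer) Authorize(certDER []byte, deviceName, callingStationID string) (string, error) {
	cert, err := x509.ParseCertificate(certDER)
	if err != nil {
		return "", err
	}
	if _, err := cert.Verify(x509.VerifyOptions{Roots: a.roots, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth}}); err != nil {
		return "", ErrChain
	}
	if err := cert.VerifyHostname(deviceName); err != nil {
		return "", ErrBinding
	}
	serial := cert.SerialNumber.String()
	if holder, ok := a.active[serial]; ok && holder != callingStationID {
		return "", ErrInUse // the same certificate is being presented from a second device
	}
	a.active[serial] = callingStationID
	return serial, nil
}

// Release (Accounting-Stop) frees the serial recorded at Authorize time so another station may use it.
func (a *Authorizer) Release(serial, callingStationID string) {
	if a.active[serial] == callingStationID {
		delete(a.active, serial)
	}
}
```

Two caveats worth keeping in mind: the in-use table only catches a clone while the real device is online from a different Calling-Station-Id, so a clone that also spoofs the MAC, or that connects while the real device is off, passes this check, which is why the private key should be non-exportable (TPM-backed) in the first place; and a real server handles requests concurrently, so access to the `active` table has to be serialized.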