This is not an Aruba specific question. Is it possible to influence Windows to select a certain certificate if multiple user certs exist in the user cert store for EAP-TLS authentication? In testing, I've found that when multiple certs exist, Windows will prompt the user to select a certificate during authentication. Based on the certs available, the wrong cert could be selected, and the user would fail auth. Based on the number of users and the fact that this will continue to happen as certs expire, it will be unacceptable to have these prompts.
I have "Use simple certificate selection" enabled in Windows, but the issue still persists. Any ways around this with GPO or registry tweaks? If not, I may need to look at onboarding the devices instead, which I believe would solve my problem. The only downside is that user certs won't automatically renew like with other PKI solutions.