Is it possible to use the Onboard feature to distribute certificates that would be host based and not user based. Specifically the certificates should be:
1) named for the machine being onboarded (not the user doing the onboarding)
2) be installed in the local computer certificate store (not the user's store)
3) be presented by the computer for EAP-TLS authentication when machine authentication happens (before the user logs in)
We already have the certificate authority setup and are using Onboard to issue certs and provision devices with certs tied to the user identity (specifically the user that authenticates to the onboard page), those certs get installed in the users certificate store, and get presented for EAP-TLS when the user logs into the machine. That is all working fine, but that doesn't meat the requirements of some of the use cases we have, and we would like to be able to use a similar process to do the same thing to issue machine certs to be used for wireless authentication.
Any ideas or is this beyond the scope of what Onboard can do?