Two things here. First is that if you configured the Network Settings in your Onboarding workflow as: 'Both - Wired and Wireless', and the wired network adapter was available during the onboarding process (for example if you have an USB ethernet which was nor connected, it will not be configured):
.. in that case, you should be fine and the wired should be configured.
If you have not provisioned the wired settings, the client certificate is already present and you have two options:
- go through the onboarding process again, to have the settings configured by the onboarding process. If you see the message that the device is provisioned already, you can ignore that and just continue.
- as the certificate is already there, you can also go into the settings for your wired network card and manually configure the authentication method (EAP-TLS), server name, server certificate, etc.
That second procedure needs some manual work by a somewhat skilled user. But if you have a handful of devices it is probably the fastest.
In a very large deployment, I would create a second (new) Onboarding CA, and then when a client connects with a certificate issued by the old CA you can return a role that places the user in the onboarding process again to get a new certificate with new settings pushed for wired and wireless. You can add ?reprovision=1 to the redirect URL (or &reprovision=1 if it is not the first attribute in the URL) to skip the 'you are already provisioned' message. In this way, you can make sure that all users with old settings are guided through the onboarding process.