Client cert auth, more than advertised CA filtering?
We currently use client cert auth using smart cards at my organization. There is a push to move from one CA's certificates to another CA's certificates. There are 3 certificates on each smart card, one from one CA, and two from the other CA.
For the current CA that we are using to authenticate, there is one certificate issued to users on their smart card. The other CA has two certificates issued on the users' smart cards.
This new order states that we need to use ONE specific certificate from the CA that the users have two certs for.
Currently, our setup is to use the advertised CA in the client SSL profile and just use APM to prompt the user; they pick the one cert and authenticate with it.
With this migration, I'm having an issue trying to force use of a specific certificate from the CA that the users have two certificates for. The only difference I've seen is that the certificate we want to use has a certain format on the serial number. For example, the serial number ends with "a".
I guess my question really comes down to: is there any way for me to filter the certificate prompt any deeper than the advertised CA in the client cert profile?