@DoctorKisow Are you having two identity certificates issued by the same CA or one by root CA and other one by the Intermediate CA?
If you have a root CA and Inter.CA, then try disabling the " Trusted for Client Authentication" option under the trusted client CA.
If there's only one CA that signed both certs, then you can use EKU OID filtering option to do the trick, however, caveats are:
# Custom EKUOID has to present on the desired certificate (cert template should be modified for this)
# Pulse Desktop Client 9.1R5 and higher will not work for machine certificate, only user certs will be filtered using EKUOID value (identified as not-supported scenario, hence considered as enhancement). So, only 9.1R4 & below versions of PDC has to be used for this approach to work.
Config reference - https://docs.pulsesecure.net/WebHelp/PDC/9.1R3/Content/PDC_AdminGuide_9.1R3/Configuring_Client_Certificate_Selection_Option.htm
... View more