We are toying with using machine certs with Pulse on IVE 7.3 R7 and have things working pretty well but, have a concern . Is there a way to match the user's machine certificate to the actual machine? Everything I've seen seems to be around verifying that the certificate is issued by a valid trusted CA, etc, but what if someone puts a valid machine certificate onto multiple machines? We want to lock each certificate to a specific machine. i know we can use non-exportable certs so once installed, the certificat can't be exported and re-installed on another machine but, if someone can get a copy of the orginal cert before it's installed on a machine, we don't want them to put it onto a different machine. Any ideas?
... View more