Is it possible to filter client certificates in the browser using EKU (Extended Key Usage) detail of a certificate? I only want certificates that have Client Authentication EKU, or no EKUs at all.
I know this happens by setting oid_filters in the CertificateRequest message in tls handshake, but I don't know how to set them, or if there's an easier configuration in IIS/http.sys to do this?