Certificate selection tool
I think a simple certificate selection tool for clients would be really handy. I am thinking in exactly the same way as momcertimport.exe in SCOM where you can run the exe either as GUI or cmd line and choose a specific certificate to use.
As we know, current certificate selection is not foolproof and can be very tricky when multiple certificates are installed on one device. A simple certificate picker or override tool would assist massively when dealing with HTTPS environments, particularly in DMZs. Numbers are often much smaller and we are dealing with the final 5%, which can be difficult with a blanket rule from the site selection criteria or the limited options available in the install parameters.
Admin Adam Meltzer (ConfigMgr Product Team) (Software Engineer, Microsoft Endpoint Configuration Manager) commented
Certificate selection is centrally defined by the site server, so we don't have any way to force selection of a specific certificate, which seems like the big thing you're asking for here.
With that said, we do have a little-known tool that's pre-installed with every client called cmhttpsreadiness.exe. The tool both generates a log file (ccm\logs\cmhttpsreadiness.log) and sends a state message you can use to build reports. This can be used to aid with migration scenarios to HTTPS to understand in advance which clients won't work and why.
While I know this isn't exactly what you're hoping for, it is something that can help address one of the primary challenges with moving to HTTPS.