Certificate selection tool
I think a simple certificate selection tool for clients would be really handy. I am thinking in exactly the same way as momcertimport.exe in SCOM where you can run the exe either as GUI or cmd line and choose a specific certificate to use.
As we know, current certificate selection is not fool proof and can be very tricky when multiple certificates are installed on one device. A simple certificate picker or override tool would assist massively when dealing with HTTPS environments, particularly in DMZs. Numbers are often much smaller and we are dealing with the final 5% which can be difficult with a blanket rule from the site selection criteria or the limited options available in the install parameters.

1 comment
-
Certificate selection is centrally defined by the site server, so we don't have any way to force selection of a specific certificate which seems like the big thing you're asking for here.
With that said, we do have a little known tool that's pre-installed with every client called cmhttpsreadiness.exe. The tool both generates a log file (ccm\logs\cmhttpsreadiness.log) as well as sends a state message you can use to build reports. This can be used to aid with migration scenarios to HTTPS to understand in advance which clients won't work and why.
While I know this isn't exactly what you're hoping for it is something that can help address one of the primary challenges with moving to HTTPS.