This time I’ve got a short post about another executable that I’ve found very useful. It’s CMHttpsReadiness.exe, which belongs to the Configuration Manager HTTPS Readiness Assessment Tool. This tool can be used to check the ConfigMgr clients if they are ready for a switch to HTTPS communication. Basically, it simply checks the certificate requirements on a ConfigMgr client device. To be honest this tool even already existed in ConfigMgr 2007, but in those times the executable was named SCCMNativeModeReadiness.exe. As this tool hasn’t been mentioned a lot, I thought it would be worth a short blog post.
Usage
This tool is installed during the ConfigMgr client installation and can also be found in the ConfigMgr client installation directory. It can simply be started via the command line, which also makes it fairly easy to create an old-school package of it. This makes it easy to verify all the existing ConfigMgr clients. To run this tool on ConfigMgr client devices, it is possible to specify the following parameters:
Parameter | Maps to client.msi property |
/Store: <name> | CCMCERTSTORE |
/Issuers: <list> | CCMCERTISSUERS |
/Criteria: <criteria> | CCMCERTSEL |
/SelectFirstCert | CCMFIRSTCERT |
Result
As with almost everything ConfigMgr related, the results can be followed in a log file. The log file named CMHttpsReadiness.log will list all the activities and can be found in the ConfigMgr client log directory.
It gets even better. There are two buildin reports about the state messages send by the Configuration Manager HTTPS Readiness Assessment Tool. These reports can be used to determine if the ConfigMgr clients are ready for a switch to HTTPS communication. Those reports are:
- Count of clients capable of HTTPS communication: This report displays detailed information about each client in site that have run the HTTPS Communication Readiness Tool and reported to be either capable or incapable of communicating over HTTPS.
- Clients incapable of HTTPS communication: This report displays detailed information about each client in site that has run the HTTPS Communication Readiness Tool and reported to be incapable of communicating over HTTPS.
Further reading
For more information about planning a transition strategy for PKI certificates and Internet Based Client Management see: http://technet.microsoft.com/en-us/library/gg712284.aspx
where is the tool? i dont find it anywhere 🙁
This tool can be found in the client installation directory.