What is CMHttpsReadiness.exe?

CMHttpsReadinessThis time I’ve got a short post about another executable that I’ve found very useful. It’s CMHttpsReadiness.exe, which belongs to the Configuration Manager HTTPS Readiness Assessment Tool. This tool can be used to check the ConfigMgr clients if they are ready for a switch to HTTPS communication. Basically, it simply checks the certificate requirements on a ConfigMgr client device. To be honest this tool even already existed in ConfigMgr 2007, but in those times the executable was named SCCMNativeModeReadiness.exe. As this tool hasn’t been mentioned a lot, I thought it would be worth a short blog post.

Usage

This tool is installed during the ConfigMgr client installation and can also be found in the ConfigMgr client installation directory. It can simply be started via the command line, which also makes it fairly easy to create an old-school package of it. This makes it easy to verify all the existing ConfigMgr clients. To run this tool on ConfigMgr client devices, it is possible to specify the following parameters:

Parameter Maps to client.msi property
/Store: <name> CCMCERTSTORE
/Issuers: <list> CCMCERTISSUERS
/Criteria: <criteria> CCMCERTSEL
/SelectFirstCert CCMFIRSTCERT

Result

As with almost everything ConfigMgr related, the results can be followed in a log file. The log file named CMHttpsReadiness.log will list all the activities and can be found in the ConfigMgr client log directory.LogFile_CMHttpsReadiness

It gets even better. There are two buildin reports about the state messages send by the Configuration Manager HTTPS Readiness Assessment Tool. These reports can be used to determine if the ConfigMgr clients are ready for a switch to HTTPS communication. Those reports are:

  • Report_CMHttpsReadinessCount of clients capable of HTTPS communication: This report displays detailed information about each client in site that have run the HTTPS Communication Readiness Tool and reported to be either capable or incapable of communicating over HTTPS.
  • Clients incapable of HTTPS communication: This report displays detailed information about each client in site that has run the HTTPS Communication Readiness Tool and reported to be incapable of communicating over HTTPS.

Further reading

For more information about planning a transition strategy for PKI certificates and Internet Based Client Management see: http://technet.microsoft.com/en-us/library/gg712284.aspx

2 thoughts on “What is CMHttpsReadiness.exe?”

Leave a Comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.