Easy2Patch v3.0
  • Infrastructure Documents
  • Overview
    • What is Easy2Patch
    • FAQs
    • Road Map
    • Licensing
  • Planning
    • Supported Configurations
    • Windows Operating System Requirements
    • Other Requirements
    • Network Considerations
    • Design
      • Update & Application & Intune (Server Deployment)
      • Standalone WSUS Deployment
      • Standalone Intune Deployment
  • Deployment
    • Installing WSUS Console
    • Installing SCCM Admin Console
    • Configuring Intune Application Registration
    • Getting Code-Signing Certificate
    • Installing Easy2Patch
    • Licensing
  • Configuring
    • Configuring SSL WSUS for 3rd Party Update
    • Configuring ConfigMgr for 3rd Party Updates
    • Easy2Patch Settings
      • General
        • Certificate Management
        • General Settings
        • Application Deployment
        • Intune Deployment
        • Maintenance
      • Notification
        • E-Mail
        • Telegram
          • Creating a Telegram Bot
          • Telegram Chat ID
      • SCCM / WSUS / INTUNE
        • WSUS Settings
        • SCCM Settings
        • Database Settings
        • Intune Settings
      • Proxy
  • Managing Easy2Patch
    • Update
    • Application Deployment
    • Intune Update
    • Intune Application
    • License Management
  • Troubleshooting
    • Schema files not found!
    • Failed to sign package; error was: 2147954402/2147954429
Powered by GitBook
On this page
  • Request SSL certificate for WSUS
  • WSUS Website Configuration
  • Convert WSUS to SSL with WSUSUtil
  1. Configuring

Configuring SSL WSUS for 3rd Party Update

Scope: Easy2Patch (All Versions)

PreviousConfiguringNextConfiguring ConfigMgr for 3rd Party Updates

Last updated 2 years ago

To deploy 3rd party updates with WSUS and/or SCCM, SSL configuration on WSUS is required. Below are the steps to be done on WSUS and SCCM.

  1. Request SSL certificate for WSUS,

  2. WSUS Website configuration,

  3. Convert WSUS to SSL with WSUSUtil,

  4. 3rd Party settings on SCCM,

  5. Notification of WSUS address broadcast over SSL to client computers

Request SSL certificate for WSUS

SSL Certificate is required for the website where WSUS Web service is published. This certificate can be obtained from a trusted authority or corporate CA server. The certificate must be an HTTPS SSL certificate and must be in a format suitable for common security levels. Fields such as Common Name, Subject Name of the certificate must contain the FQDN (for example WSUSServer.domain.com) name of the WSUS server.

WSUS Website Configuration

Assign SSL Certificate for WSUS Web Site in Internet Information Services snap-in. give SSL sertificate for binding of Secure Port (for example: 8531 or 443)

Select Require SSL for the following applications of WSUS Site.

  • ApiRemoting30

  • ClientWebService

  • DssAuthWebService

  • ServerSyncWebService

  • SimpleAuthWebService

Convert WSUS to SSL with WSUSUtil

WSUSUtil tool used for converting WSUS Service from or to SSL/NonSSL. Following command should be running on WSUS server with administrative priviledge. When you open command line, open as administrator option should use.

WSUSUtil placed in WSUS installation folder. generally this tool exist under "C:\Program Files\Update Services\Tools"

wsusutil configuressl wsusserver.domain.com

wsusserver.domain.com address should replaced with your wsus servers FQDN name.