Configuring SSL WSUS for 3rd Party Update

Scope: Easy2Patch (All Versions)

To deploy 3rd party updates with WSUS and/or SCCM, SSL configuration on WSUS is required. Below are the steps to be done on WSUS and SCCM.

  1. Request SSL certificate for WSUS,

  2. WSUS Website configuration,

  3. Convert WSUS to SSL with WSUSUtil,

  4. 3rd Party settings on SCCM,

  5. Notification of WSUS address broadcast over SSL to client computers

Request SSL certificate for WSUS

SSL Certificate is required for the website where WSUS Web service is published. This certificate can be obtained from a trusted authority or corporate CA server. The certificate must be an HTTPS SSL certificate and must be in a format suitable for common security levels. Fields such as Common Name, Subject Name of the certificate must contain the FQDN (for example name of the WSUS server.

WSUS Website Configuration

Assign SSL Certificate for WSUS Web Site in Internet Information Services snap-in. give SSL sertificate for binding of Secure Port (for example: 8531 or 443)

Select Require SSL for the following applications of WSUS Site.

  • ApiRemoting30

  • ClientWebService

  • DssAuthWebService

  • ServerSyncWebService

  • SimpleAuthWebService

Convert WSUS to SSL with WSUSUtil

WSUSUtil tool used for converting WSUS Service from or to SSL/NonSSL. Following command should be running on WSUS server with administrative priviledge. When you open command line, open as administrator option should use.

WSUSUtil placed in WSUS installation folder. generally this tool exist under "C:\Program Files\Update Services\Tools"

wsusutil configuressl address should replaced with your wsus servers FQDN name.

Last updated