Configuring SSL WSUS for 3rd Party Update
Scope: Easy2Patch (All Versions)
Last updated
Scope: Easy2Patch (All Versions)
Last updated
To deploy 3rd party updates with WSUS and/or SCCM, SSL configuration on WSUS is required. Below are the steps to be done on WSUS and SCCM.
Request SSL certificate for WSUS,
WSUS Website configuration,
Convert WSUS to SSL with WSUSUtil,
3rd Party settings on SCCM,
Notification of WSUS address broadcast over SSL to client computers
SSL Certificate is required for the website where WSUS Web service is published. This certificate can be obtained from a trusted authority or corporate CA server. The certificate must be an HTTPS SSL certificate and must be in a format suitable for common security levels. Fields such as Common Name, Subject Name of the certificate must contain the FQDN (for example WSUSServer.domain.com) name of the WSUS server.
Assign SSL Certificate for WSUS Web Site in Internet Information Services snap-in. give SSL sertificate for binding of Secure Port (for example: 8531 or 443)
Select Require SSL for the following applications of WSUS Site.
ApiRemoting30
ClientWebService
DssAuthWebService
ServerSyncWebService
SimpleAuthWebService
WSUSUtil tool used for converting WSUS Service from or to SSL/NonSSL. Following command should be running on WSUS server with administrative priviledge. When you open command line, open as administrator option should use.
WSUSUtil placed in WSUS installation folder. generally this tool exist under "C:\Program Files\Update Services\Tools"
wsusserver.domain.com address should replaced with your wsus servers FQDN name.