23- Configuration Manager HTTPS Communication and PKI Certificate Part 5

WSUS Server also needs a certificate for SSL communication. Start IIS, choose server and double click Server Certificates

 

 

 Under the Actions Panel, choose Create a Domain Certificate

 

 

Specify the information about your organization

 

 

Select your Root CA and give a name to your WSUS certificate.

 

 

 

 Choose WSUS web site and click Bindings

 

 

Select the WSUS certificate you just created from the list box.

 

 

 

We also need to enable SSL encryption on the following virtual folders
• ApiRemoting30, ClientWebService, DSSAuthWebService, ServerSyncWebService, SimpleAuthWebService

 

Choose each virtual folder and double click SSL Settings

 

 

 

Select “Require SSL” and make sure Ignore is selected under Client Certificates and click Apply under the Actions panel.

 

 

Now we need to execute a command that will make wsus to use SSL.

 

Start Command Prompt with admin priviledges

 

Navigate to your WSUS installation folder, and run the command :  WSUSUtil.exe configuressl myserver.mydomain.local

 

 

 

 

Now, Restart your WSUS server using the commands below and now your wsus server should be able communicate over SSL. 

 

 net stop WSUSService

 net start WSUSService

 

© selimatmaca.com. All Rights Reserved.