23- Configuration Manager HTTPS Communication and PKI Certificate Part 5

WSUS Server also needs a certificate for SSL communication. Start IIS, choose server and double click Server Certificates



 Under the Actions Panel, choose Create a Domain Certificate



Specify the information about your organization



Select your Root CA and give a name to your WSUS certificate.




 Choose WSUS web site and click Bindings



Select the WSUS certificate you just created from the list box.




We also need to enable SSL encryption on the following virtual folders
• ApiRemoting30, ClientWebService, DSSAuthWebService, ServerSyncWebService, SimpleAuthWebService


Choose each virtual folder and double click SSL Settings




Select “Require SSL” and make sure Ignore is selected under Client Certificates and click Apply under the Actions panel.



Now we need to execute a command that will make wsus to use SSL.


Start Command Prompt with admin priviledges


Navigate to your WSUS installation folder, and run the command :  WSUSUtil.exe configuressl myserver.mydomain.local





Now, Restart your WSUS server using the commands below and now your wsus server should be able communicate over SSL. 


 net stop WSUSService

 net start WSUSService


© selimatmaca.com. All Rights Reserved.