In this article, you will learn to configure SSL at WSUS and integrate SVM with it for secure publishing.
This provides all the steps, but it should act as an example.
You should always implement your services through the most current encryption and security standard.
The following will take you through all steps.
NOTE: This article provides examples for Windows Server 2012 R2 installation of WSUS, but you will likely be able to apply the same, or similar steps for higher versions of Windows Server Update Services.
1) Open the Server Manager, navigate to Tools > Internet Information Services (IIS) Manager.
2) Click the server node in the tree. Double-click on "Server Certificates".
3) Here you have two options.
4a) Select your CA SSL certificate [PFX format], provide the password and choose "Web hosting".
4b) Provide a friendly name for the certificate. Choose. "Web Hosting" store and close it with OK.
5) Choose "WSUS Administration" in the left-hand sided tree list.
6) Choose "Bindings" in the Actions column.
7) Click on "https 8531" and choose "Edit"
15) Run command prompt in Administrator mode.
16) Change to directory C:\Program Files\Update Services\Tools.
17) Run "WsusUtil.exe configuressl <FQDN>". The output should be similar as shown below.
The next step is to export this certificate and provide it to all systems connecting to WSUS.
18) Run MMC as admin. Click File and choose "Add/Remove Snap-in"
19) Click Certificates and then click Add.
20) Enable "Computer account" and click Next.
21) Choose "Local computer" and click Finish. Click OK after that.
22) Expand the Certificates (Local Computer) \ Trusted Root Certification Authorities.
23) Click on Certificates. Locate the certificate that matches the FQDN of this server.
24) Right-click and choose "All Tasks" and "Export"
Now the certificate has been exported, you will need to provide this certificate to all systems that will need to connect to the WSUS server (SCCM, WU agents, SCCM clients).
This certificate should be imported to the "Trusted Root Certification Authorities" (This can also be achieved by creating a GPO). WSUS should be configured to use SSL and you should be able to integrate the Software Vulnerability Manager interface with the WSUS server using SSL.
25) In the Patching menu, navigate to Patching, choose Configuration -> WSUS/System Center.
26) Provide the FQDN as the WSUS server name (as in step 9).
27) Enter the correct WSUS SSL port, enable "Use SSL Connection" checkbox, then press Connect.
28) Verify the connection in the connection status.
on Jul 17, 2018 10:51 AM - edited on Sep 19, 2019 04:27 PM by RDanailov