This article provides useful steps to install the code-signing certificate required by the Software Vulnerability Manager at WSUS to enable publishing integration between SVM and all WSUS APIs. We also listed more useful tips around certificate handling with Powershell as it is very handy to leverage PowerShell for WSUS-related certificate operations.
1. Open up Powershell as Administrator on your WSUS server, or Software Update Point of SCCM.
2. Run the following to set the WSUS server and its configuration to an object.
3. Next, run this snippet to set the new code signing certificate.
$config.SetSigningCertificate("<Path to pfxFile>", "<PFX file password>")
Bear in mind, this will be a file with both the public and private keys (pfx usually). You'll need to replace the path and private key password within the placeholder values in quotes.
4. Now save the changes.
The Powershell PSProvider "Certificate" gives the shell direct access to certificate stores of the system or the user depending on where you want to go. To get a quick glimpse of that, use this command:
You can go about the Cert PSProvider as you do basic filesystem browsing using dir (Get-ChildItem😞
In PowerShell ISE you can get the path prediction to display your options next effortlessly. That makes it very easy to predict all of the member properties of the certificates you can use as a filter.
For example, let's say you're interested to get all certificates and filter them through a where clause that outputs only those that have a private key at your WSUS stores. You can make use the HasPrivateKey property, as per the below example, to get all certificates that have a private key in them:
The example output of this sample query looks similar to the following in one of my test labs:
on Nov 15, 201804:47 PM - edited on Sep 26, 201905:25 AM by RDanailov