These steps show how to configure SSL on servers running Windows Server Update Services (WSUS).
- Log in to your WSUS server
- Open up Server Manager
- Select Tools -> Internet Information Services (IIS) Manager
- Generate an SSL certificate
- Click on your Server and select Server Certificates
- If you have your own PKI environment, follow these steps; if not, jump to step three
- Click 'Create Self-Signed Certificate' on the right side. (You can also create a domain certificate if you would like, but that is not covered in this manual.)
- Fill in the field “Specify a friendly name for the certificate”. Select the “Web Hosting” certificate from the drop down menu. Click OK.
- Open Sites in the connection tree > Click 'WSUS Administration'
- Under Actions column to your right, click on
- Select the 'https 8531' row and click Edit
- Select the SSL certificate you have just created in the dropdown list. Click 'View'
- Copy the FQDN of the 'Issued to' server to the clipboard. Click OK.
- Enter the hostname you copied in the previous step in the Host name field. Click OK and then click Close

Note: Ensure the value you use in the Host name field is an FQDN. A ping from the endpoint(s) to the WSUS FQDN should resolve to the correct IPv4 address.

- Under the 'WSUS Administration' tree click on 'ClientWebService' and then double-click 'SSL Settings'.
- Mark the 'Require SSL' checkbox and then click Apply.
- Repeat the last two steps (9,10) for:
  - 'DssAuthWebService'
  - 'ServerSyncWebService'
  - 'SimpleAuthWebService'
- Close Internet Information Services (IIS) Manager.
- Start a command prompt in Administrator mode.
- Change directory to C:\Program Files\Update Services\Tools.
- Run WsusUtil.exe configuressl <FQDN>.
- Make sure you get a similar URL response as seen in the screenshot.
- Close the command prompt.
- The next step is to export the certificate. Run MMC in Administrator mode.
- Click File > Add/Remove Snap-in
- Click on Certificates > Click Add.
- Click the radio button 'Computer account'. Click Next.
- Click on the Finish button
- Click OK
- Expand the Certificates (Local Computer) \ Trusted Root Certification Authorities and click on Certificates. Right-click on the certificate that matches the FQDN of this server. Click All Tasks > Export. The exported certificate can be used on WSUS client servers.
- Done!
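
To confirm that the steps above took effect, the following added PowerShell example (not part of the original guide) audits the https binding on port 8531, the bound certificate and the 'Require SSL' setting on the four web services. The function name `Test-WsusSslConfig`, its `-Fqdn` parameter and the sample host name are assumptions made for illustration; the script relies on the WebAdministration module that ships with IIS.

```powershell
# Added example, not from the original guide. Run in an elevated PowerShell on the WSUS server.
# Test-WsusSslConfig and -Fqdn are hypothetical names chosen for this illustration.
Import-Module WebAdministration

function Test-WsusSslConfig {
    param([Parameter(Mandatory = $true)][string]$Fqdn)

    $site   = 'WSUS Administration'
    $checks = @()

    # The https binding on port 8531 must exist and use the FQDN as its host name.
    $binding = Get-WebBinding -Name $site -Protocol https -Port 8531 | Select-Object -First 1
    $checks += [pscustomobject]@{ Check = 'https binding on port 8531'; Pass = [bool]$binding }

    if ($binding) {
        # bindingInformation has the form IP:port:hostname.
        $hostName = ($binding.bindingInformation -split ':')[-1]
        $checks += [pscustomobject]@{ Check = 'Binding host name matches FQDN'; Pass = ($hostName -eq $Fqdn) }

        # The bound certificate must be present, unexpired and issued to the FQDN.
        $path = "Cert:\LocalMachine\$($binding.certificateStoreName)\$($binding.certificateHash)"
        $cert = Get-Item -Path $path -ErrorAction SilentlyContinue
        $checks += [pscustomobject]@{ Check = 'Bound certificate found in store'; Pass = [bool]$cert }
        if ($cert) {
            $issuedTo = $cert.GetNameInfo('DnsName', $false)   # first DNS name, else the subject CN
            $checks += [pscustomobject]@{ Check = 'Certificate issued to FQDN'; Pass = ($issuedTo -eq $Fqdn) }
            $checks += [pscustomobject]@{ Check = 'Certificate not expired';    Pass = ($cert.NotAfter -gt (Get-Date)) }
        }
    }

    # 'Require SSL' must be set on each of the four web services.
    foreach ($svc in 'ClientWebService', 'DssAuthWebService', 'ServerSyncWebService', 'SimpleAuthWebService') {
        # sslFlags is read as a comma-separated flag string such as "Ssl" or "None".
        $flags = [string](Get-WebConfigurationProperty -PSPath 'MACHINE/WEBROOT/APPHOST' `
                    -Location "$site/$svc" -Filter 'system.webServer/security/access' -Name 'sslFlags')
        $checks += [pscustomobject]@{ Check = "Require SSL on $svc"; Pass = (($flags -split '\s*,\s*') -contains 'Ssl') }
    }

    $checks
}

# Constructed host name; replace with the FQDN passed to WsusUtil.exe configuressl.
Test-WsusSslConfig -Fqdn 'wsus01.corp.example' | Format-Table -AutoSize
```

Any row with `Pass` set to `False` points back to the step that needs to be repeated.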