Articles in this section

Enabling  SSL on WSUS 

Todd Kirkland
  • Updated
Follow

Steps demonstrating how to configure SSL on servers running the Windows Server Update Services.

  1. Login to your WSUS server
  2. Open up Server Manager        Server 2012 R2 - Server Manager
  3. Select Tools -> Internet Information Services (IIS) Manager Server Manager - Tools - Internet Information Services IIS Manager
  4. Generate a SSL certificate
    1. Click on your Server and select Server Certificates Internet Information Services (IIS) Manager - Server Certificates
    2. If you have your own PKI environment, follow these steps, if not, jump to step three
      1. Click 'Create Self-Signed Certificate' on the right side. (you can also create a domain certificate if you would like but it is not specified in this manual).
      2. Screen_Shot_2020-05-13_at_11.24.25_AM.png
      3. Fill in the field “Specify a friendly name for the certificate”.  Select the “Web Hosting” certificate from the drop down menu.  Click OKScreen_Shot_2020-05-13_at_11.25.22_AM.png

      4. Open Sites in the connection tree > Click 'WSUS Administration'Screen_Shot_2020-05-13_at_11.26.48_AM.png

      5. Under Actions column to your right, click on Screen_Shot_2020-05-13_at_11.29.21_AM.png
      6. Select the 'https 8531' row and click editScreen_Shot_2020-05-13_at_11.31.32_AM.png
      7.  Select the SSL certificate you have just created in the dropdown list. Click 'View'Screen_Shot_2020-05-13_at_11.34.24_AM.png

      8. Copy to clipboard the FQDN of the 'Issued to' server.  Click OK.Screen_Shot_2020-05-13_at_11.36.55_AM.png

      9. Enter the hostname you have copied in the previous step to the Host name field. Click OK and then click close. Screen_Shot_2020-05-13_at_11.38.45_AM.png

      10. Under the 'WSUS Administration' tree click on 'ClientWebService' and then double click on the 'SSL Settings'.Screen_Shot_2020-05-13_at_11.54.59_AM.png

      11. Mark the 'Require SSL' checkbox and then click Apply.Screen_Shot_2020-05-13_at_11.57.02_AM.png

      12. Repeat the last two steps (9,10) for:
        1. 'DssAuthWebService'
        2. 'ServerSyncWebService'
        3. 'SimpleAuthWebService'. Close Internet Information Services (IIS) Manager.Screen_Shot_2020-05-13_at_11.57.02_AM.png 
      13.  Start a command prompt in Administrator mode. 
        1. Change directory to C:\Program Files\Update Services\Tools. 
        2. Run WsusUtil.exe configuressl <FQDN>. 
        3. Make sure you get a similar URL response as seen in the screenshot.
        4. Close the command prompt.giliprompt.jpg
      14. The next step would be to export the certificate. Run MMC in Administrator mode.  Click File>Add/Remote Snap-inimage201.png
      15. Click on Certificates >  Click Add.image202.png
      16.  Click the radio button 'Computer account'.  Click Next.image203.png
      17. Click on the Finish buttonimage204.png
      18. Click OKimage205.png
      19.  Expand the Certificates (Local Computer) \ Trusted Root Certification Authorities and click on Certificates.  Right-click on the certificate that matches the FQDN of this server.  Click All Tasks > Export. The exported certificate can be used on WSUS client servers.gilicropped.jpg
      20. Done!

 

Related articles

Comments

0 comments

Please sign in to leave a comment.