Prerequisites
WSUS
- WSUS must have a static public IP address
- WSUS must be able to communicate with http://catalog.jetpatch.com/ (note: access required, please send WSUS public IP to JetPatch team)
- Once whitelisted, verify on the WSUS server that the link http://catalog.jetpatch.com/10mb.msi saves the file with an MSI extension.
- WSUS must be able to communicate with http://timestamp.digicert.com
- The WSUS API call uses the Windows Crypto API for the timestamping operation to http://timestamp.digicert.com. The Windows Crypto API uses the default proxy configured at the SYSTEM level
- The 3rd Party Software Plugin should be installed in the Primary WSUS machine (in addition to any relevant replicas)
- WSUS must be at release 6.2 or greater.
Machine
- Operating System - Windows Server 2016 / 2019 / 2022
- .NET Framework 4 or greater must be installed.
- The credential used to run 3rd party software plugin must be part of the WSUS Administrators group of the WSUS Server
Installing and configuring the 3rd party software plugin
- Go to: http://catalog.jetpatch.com/ (access required, please send WSUS public IP to JetPatch team)
- Download and install: System Center Updates Publisher (Updates Publisher)
- Launch Updates Publisher
- Click on the blue Menu in the top left corner
- Then click on Options
- On the first page that will be open, hit enable Publishing to an Update Server.
- Choose the Connect to a local update server
- After that - Test Connection (It should say that it was successful, and will ask about a certificate (check next step))
Certificate Configuration
The 3rd party software plugin will sign the packages with a self-signed certificate (should be downloaded from http://catalog.jetpatch.com/). These two certificates should be installed on every endpoint that will be getting 3rd Party app updates (check step: Deploy your code signing certificate to clients and WSUS).
Steps:
- Load Certificate - Click on “Browse” then select the certificate in the format ".pfx "
- Signing Certificate - Click on "Create" a new Certificate
- Insert Password - Fill in the certificate password of the ".pfx" certificate (provided by the JetPatch team)
- Test Connection Again
- Hit OK and Restart the Program.
Certificate Validation
Open Updates Publisher validate the certificate was created/imported successfully, open the program, go to Options -> Update server, and look if the information was provided in "Certificate issuer" and "Expiration Date"
Deploy your code signing certificate on WSUS
- Open MMC Console as admin
- File -> Add/Remove Snap In
- Find Certificates and click on Add
- Select Computer account
- Local computer then finish
-
Install the certificate (.CER) to MMC (Trusted Root Certification Authorities, Trusted Publishers, and WSUS folders (note: WSUS folder may be spelled out WindowsServerUpdateServices in some versions of WSUS, but either way put it in that folder.):
What's Next?
The next thing consist to import and Publish 3rd Party Applications to WSUS.
Comments
0 comments
Please sign in to leave a comment.