From LedHed's Wiki
Revision as of 23:33, 14 June 2016 by Ledhed (Talk | contribs)

Jump to: navigation, search

Overview

This article describes how to setup WSUS to use SSL. This article is a condensed post, of which all content was taken from another site. This is here for redundancy and ease of access. All credit goes to Jack Stromberg (the author of the referenced article).


WSUS SSL Down-N-Dirty

1. Install WSUS Role
2. Launch IIS Manager
3. Click the Server, then Server Certificates.
4. Create a Domain Cert (or CSR if you don't have an internal CA, and have a CA sign it.)
5. Bind the newly signed certificate to the WSUS Administration site. (click Bindings -> https -> edit -> Select)
6. Require SSL on the following virtual roots: ApiRemoting30, ClientWebService, DSSAuthWebService, ServerSyncWebService, SimpleAuthWebService
This can be done by expanding the WSUS Administration site, selecting one of the above virtual roots, and clicking "SSL Settings" and checking "Require SSL"

7. Run the following command:

"C:\Program Files\Update Services\Tools\WSUSUtil.exe" configuressl YOURSERVER.DOMAIN.TLD

Where YOURSERVER.DOMAIN.TLD is the FQDN of your WSUS server.

8. Reboot
9. Launch the WSUS MMC.
10. Delete the old reference to your WSUS server. (Odds are its throwing a Node error anyway)
11. Right click "Update Services", click "Connect to Server", Type in your server's FQDN and check the SSL checkbox

With any luck you're server will show up in the MMC.


Next Steps

Create/Update the GPO that tells client workstations which WSUS server to connect to. Set it to:

https://YOURSERVER.DOMAIN.TLS:8531
Computer Configuration\Polices\Administrative Templates\Windows Components\Windows Update\Specify intranet Microsoft update service location

Detailed steps can be found in the reference article below.


Reference

http://jackstromberg.com/2013/11/enabling-ssl-on-windows-server-update-services-wsus/