This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(249.60000000000002, 85%, 34%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EMT%3C/text%3E%3C/svg%3E)
Hey guys,
I've a downstream DMZ based WSUS server WSUS.CONTOSO.LOCAL deployed to service internet based clients.
I have a public CA created SSL certificate (WSUS.CONTOSO.COM) to apply to the WSUS site (8531) to make WSUS accessible to internet based clients over SSL / HTTPS.
However, if i run WsusUtil.exe configuressl WSUS.CONTOSO.COM it breaks access to the WSUS console which requires the server hostname in order to function WSUS.CONTOSO.LOCAL.
Any idea what the solution is here? I'm a little stumped.
Regards.
Remove the "Server" from the WSUS MMC Console, then right click and Add Server, fill out wsus.contoso.com, put a checkmark in SSL, and click Add
It should then work.
The WSUS MMC Console can add MULTIPLE WSUS servers to it's console for multiple server management within 1 Window.
Hello,
Thank you for your question.
You must import the certificate to all computers that will communicate with the WSUS server. This includes all client computers, downstream servers, and computers that run the WSUS Administration Console. The certificate should be imported into the local computer Trusted Root CA store or into the Windows Server Update Service Trusted Root CA store.
Please have a look on below Microsoft article mentioning how to secure WSUS with SSL.
----------------------------------------------------------------------------------------------------------------------
--If the reply is helpful, please Upvote and Accept as answer--