question

MatthewTipler-3496 avatar image
0 Votes"
MatthewTipler-3496 asked LimitlessTechnology-2700 answered

WSUS Public CA SSL

Hey guys,

I've a downstream DMZ based WSUS server WSUS.CONTOSO.LOCAL deployed to service internet based clients.

I have a public CA created SSL certificate (WSUS.CONTOSO.COM) to apply to the WSUS site (8531) to make WSUS accessible to internet based clients over SSL / HTTPS.

However, if i run WsusUtil.exe configuressl WSUS.CONTOSO.COM it breaks access to the WSUS console which requires the server hostname in order to function WSUS.CONTOSO.LOCAL.

Any idea what the solution is here? I'm a little stumped.

Regards.


windows-serverwindows-server-update-serviceswindows-server-infrastructure
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

AJTek-Adam-J-Marshall avatar image
0 Votes"
AJTek-Adam-J-Marshall answered AJTek-Adam-J-Marshall commented

Remove the "Server" from the WSUS MMC Console, then right click and Add Server, fill out wsus.contoso.com, put a checkmark in SSL, and click Add

It should then work.

· 1
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

The WSUS MMC Console can add MULTIPLE WSUS servers to it's console for multiple server management within 1 Window.

0 Votes 0 ·
LimitlessTechnology-2700 avatar image
0 Votes"
LimitlessTechnology-2700 answered

Hello,

Thank you for your question.

You must import the certificate to all computers that will communicate with the WSUS server. This includes all client computers, downstream servers, and computers that run the WSUS Administration Console. The certificate should be imported into the local computer Trusted Root CA store or into the Windows Server Update Service Trusted Root CA store.


Please have a look on below Microsoft article mentioning how to secure WSUS with SSL.

https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/dd939849(v=ws.10)#secure-wsus-with-the-secure-sockets-layer-protocol

https://social.technet.microsoft.com/Forums/lync/en-US/1c89036e-3a06-49ee-bfbe-dfee8104c7ab/externally-facing-wsus-server-best-practice?forum=winserverwsus



--If the reply is helpful, please Upvote and Accept as answer--

5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.