WSUS and ConfigMgr 2012 HTTPS communication

When you have your ConfigMgr 2012 site fully communicating over HTTPS you may also want your Software Updates delivered over a secure channel.

Well, that's possible!

More info: http://technet.microsoft.com/en-us/library/bb633246.aspx

When you have the WSUS component installed on the SCCM 2012 SP1 server, the same certificate that was used to secure the ‘Default Web Site’ can be used to secure the WSUS Administration site from within IIS.

TIP

Not all the virtual directories within the WSUS Administration site need to be enabled for SSL.
Only enable SSL for:

  • APIRemoting30
  • ClientWebService
  • DSSAuthWebService
  • ServerSyncWebService
  • SimpleAuthWebService

Web Server Configuration

 

To configure WSUS for SSL communication:

  1. Open Internet Information Services (IIS) Manager.
  2. Expand Sites, and select the WSUS administration site (which is often the ‘Default Web Site’).
  3. Click the Bindings action.
  4. Click Add, select HTTPS, and click Edit.
  5. Choose the certificate from the list.
    (Click View to verify the correct certificate was selected, click OK, and then click Close).
  6. Select the APIRemoting30 virtual directory.
  7. Double-click the SSL Settings option.
  8. Enable the Require SSL option and click Apply.
  9. Repeat for the ClientWebService, DSSAuthWebService, ServerSyncWebService, and SimpleAuthWebService virtual directories.

With the WSUS virtual directories correctly configured, run the following command on the WSUS server to finalize the configuration needed to support SSL:

WSUSUtil.exe configuressl {FQDN.siteservername}

This utility is located in the Tools folder within the WSUS installation folder.
(By default, this folder is C:\Program Files\Update Services\Tools).
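
Steps 6 to 9 and the WSUSUtil command can also be scripted and verified. The following PowerShell is an added example, not part of the original post; it assumes the WebAdministration module is available and that the HTTPS binding from steps 1 to 5 already exists, and the site name and FQDN are placeholders.

```powershell
# Added example (not from the original post). Run elevated on the WSUS server.
# Assumes steps 1-5 are done: the site already has an HTTPS binding with a certificate.
param(
    [string]$SiteName = 'Default Web Site',        # assumption: WSUS administration site name
    [string]$WsusFqdn = 'wsus01.corp.example.com'  # constructed placeholder FQDN
)
Import-Module WebAdministration

# The five virtual directories the post lists for Require SSL.
$sslDirs = 'APIRemoting30', 'ClientWebService', 'DSSAuthWebService',
           'ServerSyncWebService', 'SimpleAuthWebService'
$section = 'system.webServer/security/access'

if (-not (Get-WebBinding -Name $SiteName -Protocol 'https')) {
    throw "No HTTPS binding on '$SiteName'. Add the binding and certificate first."
}

foreach ($dir in $sslDirs) {
    if (-not (Test-Path "IIS:\Sites\$SiteName\$dir")) {
        throw "'$SiteName/$dir' not found. Check that this is the WSUS administration site."
    }
    # The access section is locked by default, so write a <location> entry
    # in applicationHost.config instead of a per-directory web.config.
    Set-WebConfigurationProperty -PSPath 'MACHINE/WEBROOT/APPHOST' -Location "$SiteName/$dir" `
        -Filter $section -Name 'sslFlags' -Value 'Ssl'
}

# Read the setting back so a silent failure cannot leave a directory on plain HTTP.
$notEnforced = foreach ($dir in $sslDirs) {
    $flags = [string](Get-WebConfigurationProperty -PSPath 'MACHINE/WEBROOT/APPHOST' `
        -Location "$SiteName/$dir" -Filter $section -Name 'sslFlags')
    $names = $flags -split ',' | ForEach-Object { $_.Trim() }
    if ($names -notcontains 'Ssl') { $dir }
}
if ($notEnforced) { throw "Require SSL is not set on: $($notEnforced -join ', ')" }

# Final step from the post: tell WSUS it is now reached over SSL.
$wsusUtil = Join-Path $env:ProgramFiles 'Update Services\Tools\WsusUtil.exe'
& $wsusUtil configuressl $WsusFqdn
if ($LASTEXITCODE -ne 0) { throw "WsusUtil configuressl exited with code $LASTEXITCODE" }
```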

 

ConfigMgr Configuration

Under Administration – Overview – Site Configuration – Servers and Site System Roles choose your Software Update Point and select Properties.

Now select the Require SSL communication to the WSUS server option.

 

And as visible in the WCM.log we have SSL communication:

3 thoughts on “WSUS and ConfigMgr 2012 HTTPS communication”

  1. Pingback: HTTPS Communication SCCM 2012 SP1 « MS Tech BLOG

  2. Lean Jul 17, 2013 6:42 am

    Great article!

    What if my upstream WSUS server is on another domain? What cert am I going to use?

  3. kcavaliere Dec 9, 2016 9:19 pm

    Brilliant, great how-to. Thank you.
