Export (0) Print
Expand All
Expand Minimize
3 out of 10 rated this helpful - Rate this topic

How to Configure the WSUS Web Site to Use SSL

Updated: May 1, 2011

Applies To: System Center Configuration Manager 2007, System Center Configuration Manager 2007 R2, System Center Configuration Manager 2007 R3, System Center Configuration Manager 2007 SP1, System Center Configuration Manager 2007 SP2

When a Configuration Manager 2007 site server is in native mode, or when the active software update point is configured to use Secure Sockets Layer (SSL), there are five virtual roots that must be configured to use a secured channel on the active software update point server and active Internet-based software update point server, if it is configured. The virtual roots are located under the Web site used by the Windows Server Update Services (WSUS) server, and they are modified by using the Internet Information Services (IIS) Manager. After the virtual roots have been configured, you must run the WSUSUtil tool to configure the health monitoring feature of WSUS to use SSL.

Use one of the following procedures to configure SSL on the WSUS server.

To configure SSL on the WSUS server by using IIS 6.0

  1. On the WSUS server, open Internet Information Services (IIS) Manager.

  2. Expand Web Sites, and then expand the Web site for the WSUS server. We recommend that you use the WSUS Administration custom Web site, but the default Web site might have been chosen when WSUS was being installed.

  3. Perform the following steps on the APIRemoting30, ClientWebService, DSSAuthWebService, ServerSyncWebService, and SimpleAuthWebService virtual directories that reside under the WSUS Web site.

    1. Right-click the Web site or virtual directory, and then click Properties.

    2. Click the Directory Security tab, and then click Edit in the Secure Communications section.

    3. Select the Require secure channel (SSL) checkbox. Ensure that Ignore client certificates is selected, and then click OK.

    4. Click OK to close the properties for the virtual root.

  4. Close Internet Information Services (IIS).

  5. Run the following command from <WSUS Installation Folder>\Tools: WSUSUtil.exe configuressl <Intranet fully qualified domain name (FQDN) of the software update point site system)>.

    ImportantImportant
    The native mode certificate for an Internet-based software update point requires that the Internet FQDN and intranet FQDN are both specified in the Web server certificate, even when clients on the intranet do not connect to it. If you specify the intranet FQDN with the WSUSUtil command, and the same FQDN is not included in the Web server certificate, the Internet-based software update point cannot connect to the active software update point on the intranet, and software updates synchronization will fail. For more information, see Certificate Requirements for Native Mode.

To configure SSL on the WSUS server by using IIS 7.0

  1. On the WSUS server, open Internet Information Services (IIS) Manager.

  2. Expand Sites, and then expand the Web site for the WSUS server. We recommend that you use the WSUS Administration custom Web site, but the default Web site might have been chosen when WSUS was being installed.

  3. Perform the following steps on the APIRemoting30, ClientWebService, DSSAuthWebService, ServerSyncWebService, and SimpleAuthWebService virtual directories that reside under the WSUS Web site.

    1. In Features View, double-click SSL Settings.

    2. On the SSL Settings page, select the Require SSL checkbox. Ensure that Client certificates is set to Ignore.

    3. In the Actions pane, click Apply.

  4. Close Internet Information Services (IIS) Manager.

  5. Run the following command from <WSUS Installation Folder>\Tools: WSUSUtil.exe configuressl <Intranet FQDN of the software update point site system>.

See Also

For additional information, see Configuration Manager 2007 Information and Support.
To contact the documentation team, email SMSdocs@microsoft.com.
Did you find this helpful?
(1500 characters remaining)
Thank you for your feedback

Community Additions

ADD
Show:
© 2014 Microsoft. All rights reserved.