Home
.. About WSUS Wiki

WSUS
.. WSUS FAQ
.. WSUS on SBS
.. WSUS Troubleshooting
.. WSUS News Groups
.. Known WSUS Issues
.. WSUS Links
.. WSUS Wish List

WSUS Documents
.. WSUS Deployment Guide
.. WSUS Installation Guide
.. WSUS Release Notes
.. WSUS Best Practice

SUS
.. SUS FAQ
.. What Is SUS
.. SUS Troubleshooting
.. SUS Links
.. SUS Known Issues
.. SUS FAQ
.. What Is SUS
.. SUS Troubleshooting
.. SUS Links
.. SUS Known Issues

With SSL, the server always needs a certifcate - this contains the public key used to negotiate enctyption of the SSL channel. It also serves to authenticate the server to the client. You can also require the SSL client to also have a certicate, to enable the server to authenticate the client.

In WSUS, you can require SSL between chained WSUS Servers. In this case, the upstream server requries a server certificate, while the downstream server can have a client certficate.

Adding the client certificate to a WSUS server can be tricky, as the certicate must be imported into either the Local Computer’s Trusted Root CA store or Automatic Update Service’s Trusted Root CA store. If the certificate is only imported to the Local User’s Trusted Root CA store, AU fails server authentication. The same argument holds for Child WSUS servers as well, except that the certificate now has to be imported into Local Computer’s store.