Creating, Exporting And Importing A WSUS Self-Signed Certificate With The Shavlik Patch Plugin

Version 7

    Purpose


    This document will show you how to use the Shavlik Patch Plugin to create a self-signed certificate, and then how to export/import the created certificate to the correct locations.

     

    Description


    Creating the self-signed certificate

     

    If you have successfully connected to your WSUS server via SSL you will be able to create a self-certificate through the Shavlik Patch Settings > WSUS Server options.

     

    Here are the steps:

     

    1. Open the Shavlik Patch Settings window by right clicking on Shavlik Patch, then click Settings.

        Note: Shavlik Patch will be under Software Library > Software Updates.

    Capture17.JPG

     

    2. Within the Shavlik Patch Settings, on the WSUS Server tab:

        -First ensure you have an SSL connection to your WSUS server. Test the connection to ensure it's working.

        -Then click the 'Create a self-signed certificate' button.

    Capture0.JPG

     

    NOTE: If you receive the following error, resort to this document (Error Creating a Self-signed Certificate) before proceeding to the next steps:

     

    shavlik_certificate_error.jpg

     

    If you do not see the above error, continue with the steps below.

     

    3. You'll receive a warning message that gives you some straight-forward information about what should be done with the certificate. Click OK.

    Capture01.JPG

     

    4. Export the certificate so you can distribute it as needed. Click the 'Export' button within the Shavlik Patch Settings. You will be prompted to save the certificate. You will need a copy of the certificate for the following steps so make sure you will be able to copy this file to other computers/locations.

    Capture02.JPG

     

    Importing the certificate

     

    On any systems where you need to distribute the certificate, you can either use GPO to push the certificate which is covered in a technet blog here, or you can manually do so via MMC using the steps below:

     

    1. Open MMC. Make sure to run as an Administrator.

        Note: In the screenshot below the Start menu is set to use a third party app called Classic Shell so it may appear different from your 2012 server.

    Capture03.JPG

     

    2. File > Add/Remove Snap-in

    Capture04.JPG

     

    3. Highlight Certificates > click Add.

    Capture05.JPG

     

    4. Choose 'Computer account'. Click Next.

    Capture06.JPG

     

    5. Leave defaults under 'Select Computer'. Click Finish.

    Capture07.JPG

     

    6. Expand Certificates. Expand Trusted Root Certification Authorities. Right click Certificates, then choose All Tasks > Import.

    Capture08.JPG

     

    7. This brings up the Certificate Import Wizard. Click Next.

    Capture09.JPG

     

    8. This is where you will need a copy of the self-signed certificate generated earlier. Browse to and choose the certificate, then click Next.

    Capture10.JPG

     

    9. Make sure you are placing the cert in the correct certificate store (Trusted Root Certification Authorities for this step). Click Next.

    Capture11.JPG

     

    10. You will be given a summary. Click Finish.

    Capture12.JPG

     

    11. You should receive a message stating 'The import was successful.' Click OK.

    Capture13.JPG

     

    12. Verify you now see the self-signed certificate listed. It should appear as 'WSUS Publishers Self-signed'.

    Capture14.JPG

     

    13. Repeat the same steps for Trusted Publishers.

    Capture15.JPG

     

    14. You should end up with the WSUS Self-signed certificate under both Trusted Root Certification Authorities > Certificates and Trusted Publishers > Certificates.

    Capture16.JPG

     

    Additional Information

     

    For more information, refer to the Shavlik Patch Guide, and see the section APPENDIX A : CREATING AND DISTRIBUTING CERTIFICATES


    A Guide to Deploy Certificates by Using Group Policy exists at https://technet.microsoft.com/en-us/library/cc770315(v=ws.10).aspx


    Affected Product(s)

     

    Shavlik Patch for Microsoft System Center