WSUS Signing Certificate Creation Fails When Not Using SSL Connections

Version 2

    Purpose


    This document will discuss how to create a WSUS self-signed certificate when WSUS is not configured to use SSL.

     

    Overview


    There is a defect in Shavlik Patch 2.2.568 where using a non-SSL connection on port 8530 to connect to the WSUS server causes self-signed certificate creation to fail.  A self-signed certificate can be created without an SSL connection only when this is done on the WSUS server itself. If it is done remotely, using our plug-in or PowerShell, you must have an SSL connection.  You can verify which port you are using through Shavlik Patch > Setting > WSUS Server.  This issue may happen when port 8530 is selected and 'Use Secure Layer (SSL) to connect to this server.' is not checked.


    Creating the self-signed certificate could fail at this point with a message stating that an SSL connection is required.


    Workaround


    You can use the following PowerShell commands:

     

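    # Load the WSUS administration API
    [void][reflection.assembly]::LoadWithPartialName("Microsoft.UpdateServices.Administration")
    # Connect to the local WSUS server and read its configuration
    $wsus = [Microsoft.UpdateServices.Administration.AdminProxy]::GetUpdateServer()
    $config = $wsus.GetConfiguration()
    # Set the signing certificate from the PFX file (replace the path and password)
    $config.SetSigningCertificate("\pathto.pfx","Password")
    # Commit the change
    $config.Save()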


    • The script must be run on the WSUS server.
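
    A variant of the workaround above that prompts for the PFX password instead of embedding it in the script, and opens the PFX to check it before handing it to WSUS. This is an added example, not Shavlik's script; the $PfxPath parameter and the pre-import checks are assumptions introduced here.

```powershell
# Added example: run in an elevated PowerShell session on the WSUS server itself.
param(
    [Parameter(Mandatory = $true)]
    [string]$PfxPath    # hypothetical parameter: full path to the PFX to import
)

$ErrorActionPreference = 'Stop'

if (-not (Test-Path -LiteralPath $PfxPath -PathType Leaf)) {
    throw "PFX file not found: $PfxPath"
}

# Prompt for the PFX password so it is not stored in the script or in command history.
$securePassword = Read-Host -Prompt 'PFX password' -AsSecureString

# Open the PFX first: a wrong password or corrupt file fails here, before WSUS is touched.
$cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($PfxPath, $securePassword)
if (-not $cert.HasPrivateKey) {
    throw 'The PFX contains no private key, so it cannot be used for signing.'
}
$now = Get-Date
if ($now -lt $cert.NotBefore -or $now -gt $cert.NotAfter) {
    throw "Certificate is outside its validity period ($($cert.NotBefore) to $($cert.NotAfter))."
}
Write-Host "Importing $($cert.Subject), thumbprint $($cert.Thumbprint)"

[void][reflection.assembly]::LoadWithPartialName('Microsoft.UpdateServices.Administration')
$wsus   = [Microsoft.UpdateServices.Administration.AdminProxy]::GetUpdateServer()
$config = $wsus.GetConfiguration()

# SetSigningCertificate takes the password as a plain string; decrypt it only for
# the call and zero the unmanaged copy afterwards.
$bstr = [Runtime.InteropServices.Marshal]::SecureStringToBSTR($securePassword)
try {
    $config.SetSigningCertificate($PfxPath, [Runtime.InteropServices.Marshal]::PtrToStringBSTR($bstr))
    $config.Save()
}
finally {
    [Runtime.InteropServices.Marshal]::ZeroFreeBSTR($bstr)
}
Write-Host 'WSUS signing certificate set.'
```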

     


    Affected Product(s)


    Shavlik Patch 2.2.568