WSUS Signing Certificate Creation Fails When Not Using SSL Connections

Version 2


    This document will discuss how to create a WSUS self-signed certificate when WSUS is not configured to use SSL.



    There is a defect in Shavlik Patch 2.2.568 where using a non-SSL connection on port 8530 to connect to the WSUS server causes self-signed certificate creation to fail.  A self-signed certificate can be created without an SSL connection only if it is done on the WSUS server itself. If done remotely, using our plug-in or PowerShell, you must have an SSL connection.  You can verify which port you are using through Shavlik Patch > Setting > WSUS Server.  This issue may happen when port 8530 is selected and 'Use Secure Layer (SSL) to connect to this server.' is not checked.

    Creating the self-signed certificate could fail at this point with a message stating that an SSL connection is required.


    You can use the following PowerShell commands:



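    # Load the WSUS administration API, then connect to the local WSUS server
    [void][Reflection.Assembly]::LoadWithPartialName("Microsoft.UpdateServices.Administration")
    $wsus = [Microsoft.UpdateServices.Administration.AdminProxy]::GetUpdateServer()
    $config = $wsus.GetConfiguration()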



    • The script must be run on the WSUS server.
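
The complete local procedure, as an added example that is not Shavlik's own script: it assumes the WSUS administration API's `SetSigningCertificate()` and `Save()` calls, which the commands above stop short of, and that WSUS keeps the resulting certificate in the `Cert:\LocalMachine\WSUS` store.

```powershell
# Added example: run in an elevated PowerShell session on the WSUS server itself.
$ErrorActionPreference = 'Stop'

# Load the WSUS administration API; it is absent if neither the WSUS role
# nor the WSUS administration console is installed on this machine.
$asm = [Reflection.Assembly]::LoadWithPartialName('Microsoft.UpdateServices.Administration')
if (-not $asm) { throw 'WSUS administration API not found on this machine.' }

# The parameterless overload binds to the WSUS instance on the local machine,
# the one case where this step is accepted without an SSL connection.
$wsus = [Microsoft.UpdateServices.Administration.AdminProxy]::GetUpdateServer()
Write-Host ('Connected to {0}:{1} (local={2}, ssl={3})' -f $wsus.Name,
    $wsus.PortNumber, $wsus.IsServerLocal, $wsus.UseSecureConnection)

# With no arguments, SetSigningCertificate() has WSUS generate a self-signed
# signing certificate; Save() commits the configuration change.
$config = $wsus.GetConfiguration()
$config.SetSigningCertificate()
$config.Save()

# Check: the new certificate should now be listed in the machine's WSUS store.
Get-ChildItem Cert:\LocalMachine\WSUS |
    Select-Object Subject, Thumbprint, NotAfter, HasPrivateKey
```

Clients install locally published updates only if they trust this certificate, so its public part still has to be distributed to their Trusted Root Certification Authorities and Trusted Publishers stores.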


    Affected Product(s)

    Shavlik Patch 2.2.568