How to Configure the WSUS Web Site to Use SSL
Updated: May 1, 2011
Applies To: System Center Configuration Manager 2007, System Center Configuration Manager 2007 R2, System Center Configuration Manager 2007 R3, System Center Configuration Manager 2007 SP1, System Center Configuration Manager 2007 SP2
When a Configuration Manager 2007 site server is in native mode, or when the active software update point is configured to use Secure Sockets Layer (SSL), there are five virtual roots that must be configured to use a secured channel on the active software update point server and active Internet-based software update point server, if it is configured. The virtual roots are located under the Web site used by the Windows Server Update Services (WSUS) server, and they are modified by using the Internet Information Services (IIS) Manager. After the virtual roots have been configured, you must run the WSUSUtil tool to configure the health monitoring feature of WSUS to use SSL.
Use one of the following procedures to configure SSL on the WSUS server.
To configure SSL on the WSUS server by using IIS 6.0
On the WSUS server, open Internet Information Services (IIS) Manager.
Expand Web Sites. and then expand the Web site for the WSUS server. We recommend that you use the WSUS Administration custom Web site, but the default Web site might have been chosen when WSUS was being installed.
Perform the following steps on the APIRemoting30. ClientWebService. DSSAuthWebService. ServerSyncWebService. and SimpleAuthWebService virtual directories that reside under the WSUS Web site.
- Right-click the Web site or virtual directory, and then click Properties .
Close Internet Information Services (IIS).
Run the following command from <WSUS Installation Folder >\Tools: WSUSUtil.exe configuressl < Intranet fully qualified domain name (FQDN) of the software update point site system) > .Source: technet.microsoft.com