One of the questions that always come up during the planning phase of WSUS is how to secure the communication between WSUS and the clients. The general guidelines for this deployment are documented at Securing
WSUS with the Secure Sockets Layer Protocol article and you should always read it first. The goal of this article is to extent this list and highlight additional considerations that you should take while planning this type of deployment.
Consider the Algorithm and Certificate Key length of the certificate you are using:
Nice post. Another thing to point out would be that if you're using firewalls (internal or external to the wsus server) Since EULA's are still downloaded through clear HTTP you need port 80/8530 open aswell. Could be useful to know when putting wsus on DMZ and such as you often limit access through firewalls. Just opening 443\8531 won't cut it.
JLCM, Yuri posted an article on WSUS in a DMZ here: social.technet.microsoft.com/.../5153.aspx