One of the questions that always come up during the planning phase of WSUS is how to secure the communication between WSUS and the clients. The general guidelines for this deployment are documented at Securing WSUS with the Secure Sockets Layer Protocol article and you should always read it first. The goal of this article is to extent this list and highlight additional considerations that you should take while planning this type of deployment.

Additional Considerations while Deploying WSUS with SSL

  • Use an FQDN wherever you refer to the WSUS server, including the common name used to create the SSL Certificate even on an intranet.
  • Require SSL so that you know your connections are secure.
  • Use a certificate chained to already known trusted root, issued from a certificate authority that maintains CRL (in case your certificate becomes compromised).

Consider the Algorithm and Certificate Key length of the certificate you are using: