The implementation of HTTPS Inspection to inspect the traffic between Microsoft Update and a WSUS server as shown below is not supported:
For more information on how HTTPS Inspection works on Forefront TMG 2010 read the article below:
By allowing WSUS to accept another certificate that the actual Microsoft certificate for Microsoft Update, would not allow WSUS to be confident that the metadata actually comes from Microsoft Update. Therefore, this scenario is not supported.
WSUS uses HTTPS only for the transmission of update metadata between WU/MU and the WSUS server. This metadata has no executable content. All update content is transferred over HTTP and is validated with signature checks.