WSUS in DMZ only with Computer client certificate RRS feed

  • Question

  • Hello,

    I would like to run a wsus in the DMZ.

    The Url to the DMZ WSUS is SSL protetecd.The wsus is reachable from the internet.

    Now i want that only clients with certifikates from our "intern" CA (Computer certificates) can connect the DMZ WSUS from  the internet.

    Is there any settings??



    Friday, December 19, 2014 6:49 AM


  • Hi Katharina,

    I can't find any official document about how to authenticate a WSUS client with certificate.

    Normally, we don't use WSUS to authenticate the users. We can use VPN or DirectAccess to authenticate the users. If users pass the authenticate, they can access the WSUS server.

    DirectAccess allows remote users to securely access internal network file shares, Web sites, and applications without connecting to a virtual private network (VPN). An internal network is also known as a private network or intranet.

    DirectAccess establishes bi-directional connectivity with an internal network every time a DirectAccess-enabled computer connects to the Internet, even before the user logs on.

    Users never have to think about connecting to the internal network and IT administrators can manage remote computers outside the office, even when the computers are not connected to the VPN.

    For detailed information about DirectAccess, please refer to the link below,

    DirectAccess Overview


    Best Regards.

    Steven Lee Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Support, contact tnmff@microsoft.com.

    Monday, December 22, 2014 3:20 AM