locked
WSUS to support both SSL and HTTP communication. RRS feed

  • Question

  • Hi,

    I need to deploy WSUS server which will support both communication protocol i.e. SSL and HTTP.

    So that some client machine can use SSL protocol for windows update scanning, and some client can use plain http protocol for scanning.

    I am aware of steps to enable SSL settings on IIS as here specified.

    so My question is : Is it possible to support both communication protocol at the same time?

    If yes then what steps I need to follow. 

    Thanks,
    Rahul S.

    Tuesday, March 1, 2016 12:27 PM

Answers

All replies

  • Hi RahulShivangi,

    The article provided by yourself has pointed out it, check the following paragraph:

    Configuring SSL on the WSUS Server:

    "The most important thing to remember when configuring the WSUS server to use SSL is that WSUS requires two ports in this configuration: one for encrypting metadata with HTTPS and one for clear HTTP. When you configure IIS to use the certificate, keep the following points in mind:"

    To keep WSUS Web site as secure as possible, only require SSL for the following virtual roots:

    • SimpleAuthWebService
    • DSSAuthWebService
    • ServerSyncWebService
    • WSUSAdmin
    • ClientWebService
    To keep WSUS functioning, you should not require SSL for the following virtual roots:

    • Content
    • ReportingWebService
    • SelfUpdate

    For example:

    >so My question is : Is it possible to support both communication protocol at the same time?

    Yes, you may follow this article:

    https://technet.microsoft.com/en-us/library/bb633246.aspx

    Besides, this post is related with the issue, and I list the detailed steps to configure SSL for WSUS:

    https://social.technet.microsoft.com/Forums/windowsserver/en-US/feb83dc7-bdf5-4878-9112-ebdade971f7f/wsus-event-ids-7032-7053-13042-13051-12002-12012-12032-12022-12042-and-12052?forum=winserverwsus

    Best Regards,

    Anne


    Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Support, contact tnmff@microsoft.com.


    Wednesday, March 2, 2016 2:32 AM
  • Thanks Anne for your reply.

    I will test it by doing settings on IIS as specified by you.

    Thanks & Regards,

    Rahul.

    Wednesday, March 2, 2016 2:38 PM
  • Hi RahulShivangi,

    Yes, and if you meet any problem, feel free to feed back.

    Best Regards,

    Anne


    Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Support, contact tnmff@microsoft.com.

    Thursday, March 3, 2016 1:14 AM