locked
WSUS over https RRS feed

  • Question

  • Hallo Community,

    I have set up a WSUS role on a windows server 2012 R2 and it works trouble-free over http. I would like now to secure the communication with SSL over https. I generated with openssl a .pfx certificate from our company’s wildcard certificate, installed it on the server and configured IIS to use it for encryption.

    Problem:

    When I try to connect the WSUS console to WSUS service, I get the follow error.

    ---

    Cannot connect to 'Servername'. The Secure Sockets Layer (SSL) certificate for this server could not be validated.

    Please verify SSL is correctly configured, or contact your network administrator if the problem persists.
    ---

    I followed this Microsoft documentation to install WSUS over SSL https://technet.microsoft.com/en-us/library/hh852346.aspx#bkmk_3.5.ConfigSSL

    How can I resolve this issue?

    Thank you and best regards,

    Yannick


    • Edited by koukou226 Thursday, November 12, 2015 9:32 AM
    Thursday, November 12, 2015 9:32 AM

All replies

  • Hi,

    Have you import the certificate into the Trusted Root Certification Authorities on WSUS client?

    If no, please try it.

    The path is MMC --> Certificate --> Local Computer Account --> Tursted Root Certification Authorities.

    Best Regards.


    Steven Lee Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Support, contact tnmff@microsoft.com.

    Friday, November 13, 2015 2:25 AM
  • <style><!-- /* Font Definitions */ @font-face {font-family:"Cambria Math"; panose-1:0 0 0 0 0 0 0 0 0 0; mso-font-charset:1; mso-generic-font-family:roman; mso-font-format:other; mso-font-pitch:variable; mso-font-signature:0 0 0 0 0 0;} @font-face {font-family:Calibri; panose-1:2 15 5 2 2 2 4 3 2 4; mso-font-charset:0; mso-generic-font-family:auto; mso-font-pitch:variable; mso-font-signature:-536870145 1073786111 1 0 415 0;} /* Style Definitions */ p.MsoNormal, li.MsoNormal, div.MsoNormal {mso-style-unhide:no; mso-style-qformat:yes; mso-style-parent:""; margin:0cm; margin-bottom:.0001pt; mso-pagination:widow-orphan; font-size:12.0pt; font-family:Calibri; mso-ascii-font-family:Calibri; mso-ascii-theme-font:minor-latin; mso-fareast-font-family:Calibri; mso-fareast-theme-font:minor-latin; mso-hansi-font-family:Calibri; mso-hansi-theme-font:minor-latin; mso-bidi-font-family:"Times New Roman"; mso-bidi-theme-font:minor-bidi;} p {mso-style-priority:99; mso-margin-top-alt:auto; margin-right:0cm; mso-margin-bottom-alt:auto; margin-left:0cm; mso-pagination:widow-orphan; font-size:12.0pt; font-family:"Times New Roman"; mso-fareast-font-family:Calibri; mso-fareast-theme-font:minor-latin;} .MsoChpDefault {mso-style-type:export-only; mso-default-props:yes; font-family:Calibri; mso-ascii-font-family:Calibri; mso-ascii-theme-font:minor-latin; mso-fareast-font-family:Calibri; mso-fareast-theme-font:minor-latin; mso-hansi-font-family:Calibri; mso-hansi-theme-font:minor-latin; mso-bidi-font-family:"Times New Roman"; mso-bidi-theme-font:minor-bidi;} @page WordSection1 {size:595.0pt 842.0pt; margin:70.85pt 70.85pt 2.0cm 70.85pt; mso-header-margin:35.4pt; mso-footer-margin:35.4pt; mso-paper-source:0;} div.WordSection1 {page:WordSection1;} --></style>

    Hi,

    yes, I did it...

    I read on an another forum, that the certificate has to match the domainname (FQDN). Is it right?

    Thank you and best regards,

    Yannick

    Friday, November 13, 2015 12:18 PM