To access the WSUS server with the Matrix42 patch catalog for SCCM, we recommend securing the connection with a certificate. If the WSUS server has been installed as shown here, you must now add the SSL configuration. To do so, open IIS Manager on the WSUS server, open "Server Certificates" under localhost and choose "Create Certificate Request…" to start the dialog for creating a certificate request. Specify the name of the WSUS server as the common name exactly as it will be used later, and complete all other fields as required.
Now select the required key bit length (2048 or higher is recommended) and save the request as a text file in a directory that the CA can also access.
The certificate can now be created on the CA from the certificate request. The request does not include information about the certificate template to be used as the basis for the certificate, so the certificate cannot be created via the MMC snap-in and must be created via the command line instead. Run the following command to create the certificate ("TemplateName" and the paths must be modified accordingly):
certreq.exe -submit -attrib "CertificateTemplate:<TemplateName>" c:\temp\iis.txt c:\temp\iis.cer
Now go back to the IIS server and choose "Complete Certificate Request". Enter any "Friendly Name", leave the default "Personal" selection as the certificate store and click "OK" to finish the dialog.
Now go to the WSUS web site in IIS Manager and start the "Bindings" action.
In the dialog that opens, edit the binding for "https" and select the certificate you specified before. "View" displays the certificate, so you can copy the server's FQDN from it and paste it into the "Host name" field.
Next, some sections below the WSUS site must be switched to SSL.
Click the "Require SSL" box and then click "Apply".
Repeat the last two steps for "DssAuthWebService", "ServerSyncWebService" and "SimpleAuthWebService". Now you can close the IIS Manager.
WSUS itself must also be told that it is to be accessed via https.
- Open a command prompt as administrator.
- Go to C:\Program Files\Update Services\Tools
- Execute "WsusUtil.exe configuressl <FQDN>". You should receive a URL response similar to the one below.
- Close the prompt.
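One way to confirm the result of the steps above, as an added PowerShell example that is not part of the original guide: it checks the certificate on the https binding, the "Require SSL" setting on the three services named above, and whether WSUS has recorded SSL use. The site name 'WSUS Administration' and the FQDN wsus.example.local are assumptions and must be adjusted to your installation.

```powershell
# Added example: post-configuration check for the steps above (not from the original guide).
Import-Module WebAdministration

# Assumptions to adjust: site name, FQDN, and the list of virtual directories.
$SiteName = 'WSUS Administration'   # assumed default name of the WSUS web site
$Fqdn     = 'wsus.example.local'    # placeholder: common name used in the request
$VDirs    = 'DssAuthWebService', 'ServerSyncWebService', 'SimpleAuthWebService'

$now     = Get-Date
$results = [ordered]@{}

# 1. The https binding must exist and point at a certificate in the "Personal" (My) store.
$binding = Get-WebBinding -Name $SiteName -Protocol https | Select-Object -First 1
if (-not $binding) { throw "Site '$SiteName' has no https binding." }
$cert = Get-Item -Path "Cert:\LocalMachine\My\$($binding.certificateHash)" -ErrorAction Stop

# 2. Certificate checks: the name must match the FQDN exactly; key length as recommended
#    above (the KeySize lookup assumes an RSA key).
$names = @($cert.GetNameInfo('SimpleName', $false)) + @($cert.DnsNameList.Unicode)
$results['Subject or SAN equals FQDN'] = $names -contains $Fqdn
$results['Key length >= 2048 bits']    = $cert.PublicKey.Key.KeySize -ge 2048
$results['Currently valid']            = ($cert.NotBefore -le $now) -and ($cert.NotAfter -gt $now)
$results['Private key present']        = $cert.HasPrivateKey

# 3. "Require SSL" must be set on each listed virtual directory.
foreach ($v in $VDirs) {
    $p = Get-WebConfigurationProperty -PSPath "IIS:\Sites\$SiteName\$v" `
            -Filter 'system.webServer/security/access' -Name 'sslFlags'
    # Depending on the module version the result is a string or an attribute object.
    $flags = if ($p.PSObject.Properties['Value']) { $p.Value } else { $p }
    $results["Require SSL on $v"] = "$flags" -match '\bSsl\b'
}

# 4. After "WsusUtil.exe configuressl", WSUS records SSL use in its setup registry key.
$setup = Get-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Update Services\Server\Setup'
$results['WSUS configured for SSL'] = $setup.UsingSSL -eq 1

# Print one OK/FAIL line per check.
$results.GetEnumerator() | ForEach-Object {
    '{0,-45} {1}' -f $_.Key, $(if ($_.Value) { 'OK' } else { 'FAIL' })
}
```

Run it in an elevated PowerShell session on the WSUS server; add any further virtual directories you switched to SSL to $VDirs.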