Lawrence Garvin wrote:
The steps are:
1. Create a self signed cert from server publishing setup wizard upstreamwsusserver.yourdomain.org -- this creates the Local Computer/WSUS store
2. Provision and Import a code signing cert into the Local Computer/WSUS store
3. Remove the self signed cert that was created in step 1 from the Local Computer/WSUS store
4. Publish the code signing cert into the Local Computer/Trusted Publishers all downstream wsus servers & sccm servers in patch manager
5. Publish the cert to the trusted publishers store for any endpoints that receive patches.
That'll do it.
IIS
1. Create or verify the SSL Binding on wsus for create a server auth cert if necessary for yourwsusname.domain.org?
This is only relevant if you are using **SSL** to secure/authenticate your connections between clients and servers. SSL configuration has absolutely nothing to do with local publishing or the publishing certificate.
Regarding the IIS bullet above...
If you're using the certificate issued from your internal CA this must be done, otherwise the certificate can't be used.
Patch manager will reject it every time. Interestingly enough this also holds true for SCUP.