24 February 2013

WSUS and ConfigMgr 2012 HTTPS communication

When you have your ConfigMgr 2012 site fully communicating over HTTPS, you may also want your Software Updates delivered over a secure channel. Well, that's possible! More info: http://technet.microsoft.com/en-us/library/bb633246.aspx

When you have the WSUS component installed on the SCCM 2012 SP1 server, the same certificate that was used to secure the 'Default Web Site' can be used to secure the WSUS Administration site from within IIS.

TIP: Not all the virtual directories within the WSUS Administration site need to be enabled for SSL. Only enable SSL for:
  • APIRemoting30
  • ClientWebService
  • DSSAuthWebService
  • ServerSyncWebService
  • SimpleAuthWebService

Web Server Configuration

To configure WSUS for SSL communication:
  1. Open Internet Information Services (IIS) Manager.
  2. Expand Sites, and select the WSUS administration site (which is often the 'Default Web Site').
  3. Click the Bindings action.
  4. Click Add, select HTTPS, and click Edit.
  5. Choose the certificate from the list. (Click View to verify the correct certificate was selected, click OK, and then click Close).
  6. Select the APIRemoting30 virtual directory.
  7. Double-click the SSL Settings option.
  8. Enable the Require SSL option and click Apply.
  9. Repeat for the ClientWebService, DSSAuthWebService, ServerSyncWebService, and SimpleAuthWebService virtual directories.
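
The script below is an added example, not part of the original post: a read-only PowerShell audit of the IIS state that steps 1-9 should produce, using the WebAdministration module. It assumes WSUS is hosted in 'Default Web Site' (pass -SiteName otherwise).

```powershell
# Added example (read-only): audits the IIS settings from the steps above.
# Assumption: WSUS lives in 'Default Web Site'; pass -SiteName otherwise.
param([string]$SiteName = 'Default Web Site')

Import-Module WebAdministration

# The five virtual directories the post says must have Require SSL enabled.
$RequireSsl = 'APIRemoting30', 'ClientWebService', 'DSSAuthWebService',
              'ServerSyncWebService', 'SimpleAuthWebService'

function Test-RequireSsl([string]$Location) {
    $raw = Get-WebConfigurationProperty -PSPath 'MACHINE/WEBROOT/APPHOST' `
        -Location $Location -Filter 'system.webServer/security/access' -Name 'sslFlags'
    # The flags may come back as a string or as an object with .Value.
    $flags = if ($raw -is [string]) { $raw } else { [string]$raw.Value }
    # sslFlags is a comma-separated list; 'Ssl' is the Require SSL checkbox.
    (($flags -split ',').Trim()) -contains 'Ssl'
}

$problems = @()

# Steps 3-5: the site needs an HTTPS binding with a certificate attached.
$https = @(Get-WebBinding -Name $SiteName -Protocol 'https')
if ($https.Count -eq 0) { $problems += "No HTTPS binding on '$SiteName'" }
foreach ($b in $https) {
    if (-not $b.certificateHash) {
        $problems += "HTTPS binding '$($b.bindingInformation)' has no certificate"
    }
}

# Steps 6-9: each listed virtual directory must require SSL.
foreach ($vdir in $RequireSsl) {
    if (-not (Test-RequireSsl "$SiteName/$vdir")) {
        $problems += "Require SSL is not enabled on $vdir"
    }
}

# The TIP: Require SSL set on the site root is inherited by every virtual
# directory, including the ones the post leaves without SSL.
if (Test-RequireSsl $SiteName) {
    $problems += "Require SSL is set on the site root and inherited by all virtual directories"
}

if ($problems) { $problems | ForEach-Object { Write-Warning $_ }; exit 1 }
Write-Output "IIS SSL settings for WSUS on '$SiteName' match the steps above."
```
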
With the WSUS virtual directories correctly configured, run the following command on the WSUS server to finalize the configuration needed to support SSL:

  WSUSUtil.exe configuressl {FQDN.siteservername}

This utility is located in the Tools folder within the WSUS installation folder. (By default, this folder is C:\Program Files\Update Services\Tools.)

ConfigMgr Configuration

Under Administration – Overview – Site Configuration – Servers and Site System Roles, choose your Software Update Point and select Properties. Now select the Require SSL communication to the WSUS server option.

And as visible in the WCM.log we have SSL communication:
