SSL – Problem Implementing SSL with WSUS

certificate, iis, ssl, wsus

I'm working on setting up SSL on our WSUS server using a self-signed certificate, but I'm running into trouble. Specifically, after running selfssl /n:CN=server.domain.local /t /v:365, and ensuring that Require Client Certificates is selected in the following directories:

  • SimpleAuthWebService
  • ServerSyncWebService
  • DssAuthWebService
  • ClientWebService
  • APIRemoting30

I am receiving Event 120[2-5]2 upon running wsusutil.exe checkhealth. Basically, each of the directories I require the certificate on fails to work. What am I missing?

Best Answer

"Require client certificates" isn't requiring SSL, it's requiring the client to have a certificate itself in order to authenticate to the server. You then need IIS certificate mapping, or AD certificate mapping in order for the client to authenticate successfully. Which I'm guessing isn't the case here.

Plus, using a self-signed certificate is going to require that cert to be trusted by all the clients (i.e. installed into the trusted root CAs store).

Set it instead to require SSL, and Ignore client certificates, and all should be fine.
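
The setting described in the answer can be checked from PowerShell. The script below is an added example, not part of the original question or answer: it reads the IIS `sslFlags` value for the five virtual directories named in the question and reports any that demand a client certificate or do not require SSL. It assumes IIS 7 or later with the WebAdministration module; the site name `WSUS Administration` and the `-Fix` switch are assumptions made for this example.

```powershell
# Added example: audit the SSL access flags on the WSUS virtual directories.
# Assumes IIS 7+ with the WebAdministration module; run from an elevated prompt.
param(
    [string]$SiteName = 'WSUS Administration',  # assumed name; use the site that hosts WSUS
    [switch]$Fix                                 # hypothetical switch: without it, report only
)

Import-Module WebAdministration

$vdirs  = 'SimpleAuthWebService', 'ServerSyncWebService', 'DssAuthWebService',
          'ClientWebService', 'APIRemoting30'
$filter = 'system.webServer/security/access'
$root   = 'MACHINE/WEBROOT/APPHOST'

foreach ($vdir in $vdirs) {
    $location = "$SiteName/$vdir"
    $raw = Get-WebConfigurationProperty -PSPath $root -Location $location `
               -Filter $filter -Name sslFlags

    # The property may come back as a plain string or as an object with .Value
    $value = if ($raw -is [string]) { $raw } else { [string]$raw.Value }
    $flags = @($value -split ',' | ForEach-Object { $_.Trim() } | Where-Object { $_ })

    $requiresSsl = $flags -contains 'Ssl'
    # SslRequireCert = "Require client certificates", SslNegotiateCert = "Accept"
    $wantsCert   = ($flags -contains 'SslRequireCert') -or
                   ($flags -contains 'SslNegotiateCert')
    $ok          = $requiresSsl -and -not $wantsCert

    if ($Fix -and -not $ok) {
        # 'Ssl' alone means: require SSL, ignore client certificates
        Set-WebConfigurationProperty -PSPath $root -Location $location `
            -Filter $filter -Name sslFlags -Value 'Ssl'
    }

    [pscustomobject]@{
        VirtualDirectory = $vdir
        SslFlags         = $value
        RequiresSsl      = $requiresSsl
        ClientCertAsked  = $wantsCert
        Status           = if ($ok) { 'OK' } elseif ($Fix) { 'Corrected to Ssl' } else { 'Needs change' }
    }
}
```

A directory configured as in the question shows `SslRequireCert` in its flags and is reported as `Needs change`.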