WSUS administrators,
Has anyone had success setting up WSUS on Windows Server 2012 R2
with an SSL configuration?
I've tried it twice now, and although the https connection works,
the clients don't communicate with the server properly. To make it
worse, when I follow the instructions How
to Configure the WSUS Web Site to Use SSL, I lose the ability
to open the administration console on the WSUS host, and when you
test client access with the url
https://<wsushost>.kbs.msu.edu:8531/ClientWebService/Client.asmx?singleWsdl,
the xml returned contains references to http:8530 instead of
https:8531. Since the instructions say to lock the virtual
directory ClientWebService to SSL, it isn't going to work. Before
you ask, the answer is yes, I remembered to use wsusutil.exe
configuressl hostfqdn, and I configured the clients with the
https://hostfqdn:8531 that was output to the Command Prompt window
by wsusutil.exe.
The initial HTTPS connection works. I can open the administrator
console on a server that is not the WSUS host and connect remotely
to the console interface of the WSUS host.
The WSUS version that loads on my server when the role is enabled is
WSUS 6.3.9600.
I have seen instructions that say the SSL certificate should contain
a Subject Alternative Name (SAN) that matches the friendly name of
the host (i.e. not FQDN), but that isn't possible now-a-days with
InCommon certificates.
-Stefan
