Tek-Tips is the largest IT community on the Internet today!
Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!
-
Congratulations SkipVought on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!
Help installing Secure Socket Layers
- Thread starter nick8078
- Start date
monsterjta
IS-IT--Management
If your WSUS traffic will not be traversing a public network, I wouldn't worry too much about using SSL. However, if you really want to use it then you will need to setup a Certificate Authority in your domain. There are plenty of articles on how to do that via MS Site.
Hope This Helps,
Good Luck!
Hope This Helps,
Good Luck!
you will need a CA
request a webserver certificate for the WSUS server, from the WSUS server
Use iis admin console to add the certificate to the website, then require ssl on the directory security tab....
this could be helpful:
and heres a snip of the training documentation i wrote for MS of how to enable in IIS (bear in mind this is simply an add-on to an LDAPs document I wrote, so ignore references to the DC):
Setting up a website to use SSL (this is particularly to show how to configure certsrv page to use SSL provided default configuration, and is assuming that a MS CA is already installed and properly configured). Please note that this should only be used as an add on to a case IF you feel you can perform the tasks required in a timely fashion, these are two different types of certificates enabling SSL communication to 2 different network services, LDAP/SSL and HTTPS, which entail altogether different certificates on any server EXCEPT a domain controller, which can use it’s DC cert placed into the local computer\personal\certificates store for all SSL communications (web server template, or a custom template, will be required for SSL to a webpage for a member server):
1. Open FQDN>/certsrv on the CA to get to the cert request page from the server in question (not including a DC, as the DCD can use its domaincontroller cert for these purposes)
2. Choose request a certificate
3. choose advanced certificate request
4. choose create and submit a request to this CA
5. Choose the ‘web server’ certificate template from the certificate template dropdown
6. Put in the identifying information for the certificate template
7. Create a new key set
8. Check the box to store the certificate in the local computer store instead of the user certificate store
9. Change the request format to PKCS#10 (if desired)
10. Click submit
11. Click yes if prompted with the message indicating “the server is requesting a certificate on behalf…”
12. Click ‘Install this certificate’
13. Click yes
14. Open the mmc for the certificates snap in and ensure this web server cert is imported into local computer\personal\certificates store.
15. Open IIS on the CA/DC
16. Expand web sites and right click on default web site (or applicable web site), and select properties
17. Go to the directory security tab
18. Towards the bottom, click the box reading ‘server certificate’
19. Click next
20. Choose to add an existing certificate (or replace the current if one is currently specified that is not working)
21. Click next
22. Choose the web server SSL cert you created and added to the machine and click next
23. Finish up with wizard
24. Ok the settings for the web page (also check whether or not to only allow SSL to connect to the site at this time)
25. Go into the services console and restart the IIS Admin service.
26. Connect to address> from the web server itself (the web page identified in <web address> must have steps 16-23 performed on it as well)
27. Install the certificate or click yes, then enter your credentials when/if prompted (if using windows integrated authentication from non-domain member)
28. Ensure the page connects over SSL successfully
*for remote clients to connect (non-domain members), they must connect to the certsrv webpage and install the CA cert to trusted root certification authorities in order for client end of LDAP over SSL to work. Certutil –vroot could be useful here as well.
-Brandon Wilson
MCSE00/03, MCSA:Messaging00, MCSA03, A+
Sr. Infrastructure Management Analyst
Distributed Systems Engineering
ACS, Inc.
request a webserver certificate for the WSUS server, from the WSUS server
Use iis admin console to add the certificate to the website, then require ssl on the directory security tab....
this could be helpful:
and heres a snip of the training documentation i wrote for MS of how to enable in IIS (bear in mind this is simply an add-on to an LDAPs document I wrote, so ignore references to the DC):
Setting up a website to use SSL (this is particularly to show how to configure certsrv page to use SSL provided default configuration, and is assuming that a MS CA is already installed and properly configured). Please note that this should only be used as an add on to a case IF you feel you can perform the tasks required in a timely fashion, these are two different types of certificates enabling SSL communication to 2 different network services, LDAP/SSL and HTTPS, which entail altogether different certificates on any server EXCEPT a domain controller, which can use it’s DC cert placed into the local computer\personal\certificates store for all SSL communications (web server template, or a custom template, will be required for SSL to a webpage for a member server):
1. Open FQDN>/certsrv on the CA to get to the cert request page from the server in question (not including a DC, as the DCD can use its domaincontroller cert for these purposes)
2. Choose request a certificate
3. choose advanced certificate request
4. choose create and submit a request to this CA
5. Choose the ‘web server’ certificate template from the certificate template dropdown
6. Put in the identifying information for the certificate template
7. Create a new key set
8. Check the box to store the certificate in the local computer store instead of the user certificate store
9. Change the request format to PKCS#10 (if desired)
10. Click submit
11. Click yes if prompted with the message indicating “the server is requesting a certificate on behalf…”
12. Click ‘Install this certificate’
13. Click yes
14. Open the mmc for the certificates snap in and ensure this web server cert is imported into local computer\personal\certificates store.
15. Open IIS on the CA/DC
16. Expand web sites and right click on default web site (or applicable web site), and select properties
17. Go to the directory security tab
18. Towards the bottom, click the box reading ‘server certificate’
19. Click next
20. Choose to add an existing certificate (or replace the current if one is currently specified that is not working)
21. Click next
22. Choose the web server SSL cert you created and added to the machine and click next
23. Finish up with wizard
24. Ok the settings for the web page (also check whether or not to only allow SSL to connect to the site at this time)
25. Go into the services console and restart the IIS Admin service.
26. Connect to address> from the web server itself (the web page identified in <web address> must have steps 16-23 performed on it as well)
27. Install the certificate or click yes, then enter your credentials when/if prompted (if using windows integrated authentication from non-domain member)
28. Ensure the page connects over SSL successfully
*for remote clients to connect (non-domain members), they must connect to the certsrv webpage and install the CA cert to trusted root certification authorities in order for client end of LDAP over SSL to work. Certutil –vroot could be useful here as well.
-Brandon Wilson
MCSE00/03, MCSA:Messaging00, MCSA03, A+
Sr. Infrastructure Management Analyst
Distributed Systems Engineering
ACS, Inc.
- Status
Similar threads
- Locked
- Question