I'm trying to deploy WSUS4. I'm trying to do the right thing and use server core.
The problem is that I'm stuck at enabling SSL.
When using the IIS Remote Manager there's no 'Server Ceritificates' button.
I read somewhere that I can use the certutil to import the certificate.
The problem is: I can't generate the .pfx file. The 'Export Private Key' is greyed out.
Any ideas how to do that?
You're on the right track. You have to use certutil.exe to create the certificate, then you'll see it in the drop-down in IIS Management in the edit bindings window.
Instead of importing a private key, use the capability of certutil.exe to generate and save the private key in the Windows certificate store, and then match it to the issued certificate.
To do this, one pain point is creating the request.inf file. Here is a sample that worked for me on Windows Server 2012 R2 Core for WSUS. Fill in the FQDN with the name of your server.
At the command prompt of the core server, in the folder where request.inf is, run:
Then, submit the machine.req file to your CA. If you have Windows Enterprise CA, you can do it this with this command:
When you get the certificate (either from your Enterprise CA or third-party), import it into the certificate store.
Then, go into IIS Manager on your admin workstation, connect to the WSUS server, and bind the WSUS Administration site to your certificate.
Then, you can enable "Require SSL" for:
Don't do it for any other virtual folder.
According to the documentation, you're supposed to run this on the WSUS server:
But, I'm not sure this is necessary.
Hope this helps!
Jeffrey Fox