# WSUS SSL Client Configuration



## newhouse1390 (Jan 10, 2005)

I set the clients to access the https://192.168.10.101 address which is of my WSUS server. I am using the deafult port for SSL (431) so I should not have to include that but my clients still will not check in. I think this is my problem. Can anyone help me.



> Configuring SSL on client computers
> There are two important caveats when configuring client computers:
> 
> • You must include a URL for a secure port that the WSUS server is listening on. Because you cannot require SSL on the server, the only way to ensure that client computers use a secure channel is to make sure they use a URL that specifies HTTPS. If you are using any port other than 443 for SSL, you must include that port in the URL, too.
> ...


----------



## whardman (Jun 28, 2006)

The default port for https is 443 not 431. You need to change the port to 443 or change the address to https://192.168.10.101:431.


----------



## newhouse1390 (Jan 10, 2005)

I think I just misspoke. I did not change the default port used, and I am under the understanding that if that doesn't change their is no reason to include the port number in the URL. I will try putting the port number in. I still believe this issue is along the line of certificates not being trusted.


----------



## Cellus (Aug 31, 2006)

Untrusted certificates are a common problem when you create a custom CA and forget to have the new CA trusted.


----------



## newhouse1390 (Jan 10, 2005)

Can you tell me how I can get my Certificate trusted by my client computers?


----------



## crazijoe (Oct 19, 2004)

You will need to install the certificate on the users computers.


----------



## newhouse1390 (Jan 10, 2005)

Will installing the cert that is presented when you access the webpage good enough to install. Or do I need to go to the cert services intranet site? How would you reccommend getting that done?


----------



## crazijoe (Oct 19, 2004)

newhouse1390 said:


> Will installing the cert that is presented when you access the webpage good enough to install.


We tried it that way and it didn't work. I know this sounds crazy but this was the only way we could get it to work. What we did it was we imported it off the server and installed it onto each machine that needed it.


----------



## newhouse1390 (Jan 10, 2005)

This link has the fix, I have been able to come up with a new error message :sayyes: . I think I just need to know where to get the cert off of the server and where / how to input it on the clients.

http://www.security-forums.com/viewtopic.php?p=246475&sid=5a1784212b52c45d00fa88a97da921ed


----------



## newhouse1390 (Jan 10, 2005)

This issue was resolved. There was a conflict with the SSL configuration on the default page and that change did not take affect on the child websites.


----------

