WSUS certificate

Anyone using Certify the Web to enable SSL for WSUS? I see a few PowerShell scripts and whatnot out there on the web to apply certificates to WSUS in general. Figured I’d ask before I go recreate the wheel.

I’ve not used WSUS in several years myself but if it’s just an IIS website (or several) then it’s a normal IIS deployment, which the app already takes care of.

With any IIS site the simplest thing is to have your hostnames that you want to include already defined as “hostname” in your existing IIS bindings. To then create a cert you open the app, click New Certificate, then select the IIS site and the hostnames to include will be automatically selected. The hostnames need to be fully qualified domains, e.g. wsussrv01.yourdomain.com not just wsussrv01 (you can do that but you need your own internal CA for intranet hostname issuance).

Typically a WSUS server will not be on the public internet, so the default HTTP domain validation (where the CA checks your site via HTTP) likely won’t work, so the alternative is DNS validation: DNS Validation (dns-01) | Certify The Web Docs

I’m not familiar with other parts of WSUS but in general any service that uses TLS (but isn’t using IIS) can also be assigned a certificate using a combination of Deployment Tasks (under Tasks), things like copying or converting the certificate, applying it via a PowerShell command, restarting services etc. Deployment Tasks | Certify The Web Docs

If you need an opinion on a particular script or approach please feel free to ask.
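
Added example, not part of the original thread or of Certify the Web: a PowerShell pre-check that lists an IIS site's bindings and flags hostnames a public CA cannot issue for, following the fully-qualified-hostname rule in the reply above. The site name `WSUS Administration` and the helper name `Get-HostnameIssue` are assumptions; adjust the site name to match your server.

```powershell
# Pre-check IIS bindings before requesting a certificate.
# Assumption: the WSUS IIS site is named "WSUS Administration"; pass -SiteName otherwise.
param(
    [string]$SiteName = 'WSUS Administration'
)

Import-Module WebAdministration

# Hypothetical helper: returns a reason string if the hostname is unsuitable, else $null.
function Get-HostnameIssue {
    param([string]$HostName)

    # A binding with no host header gives the app nothing to pre-select.
    if ([string]::IsNullOrWhiteSpace($HostName)) {
        return 'no hostname set on binding'
    }
    # Single-label names (e.g. wsussrv01) need your own internal CA.
    if ($HostName -notmatch '\.') {
        return 'not fully qualified; internal CA required'
    }
    # An IP address is not a hostname the app can select for the certificate.
    $ip = $null
    if ([System.Net.IPAddress]::TryParse($HostName, [ref]$ip)) {
        return 'IP address, not a hostname'
    }
    return $null
}

$report = Get-WebBinding -Name $SiteName | ForEach-Object {
    # bindingInformation has the form "IP:port:hostname"; index from the end
    # so IPv6 listener addresses (which contain colons) do not shift the fields.
    $parts    = $_.bindingInformation -split ':'
    $hostName = $parts[-1]
    $issue    = Get-HostnameIssue -HostName $hostName

    [pscustomobject]@{
        Protocol = $_.protocol
        Port     = $parts[-2]
        HostName = $hostName
        Status   = if ($issue) { $issue } else { 'OK' }
    }
}

$report | Format-Table -AutoSize

# Non-zero exit lets a scheduled job or pipeline stop before a request is attempted.
if ($report | Where-Object { $_.Status -ne 'OK' }) { exit 1 }
```

Run it in an elevated PowerShell session on the WSUS server; any binding not reported as `OK` should be corrected in IIS, or handled by an internal CA, before creating the certificate.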