How to Turn On SSL Support for Your Software Update Services Administration Site (326312)


The information in this article applies to:

  • Microsoft Software Update Services, version 1.0
This article was previously published under Q326312

SUMMARY

You can administer a server that is running Software Update Services by using Microsoft Internet Explorer from a remote computer. By default, all administration is performed over the HTTP protocol by using the following address:

http://susserver/susadmin

Only users who have local administrator permissions on the server on which Software Update Services is installed can use the administration Web site. However, using the HTTP protocol means that all communications are sent by using clear text (without any encryption) over the network during the administration session.

There are two methods for using secure administration:
  • Administer the server only locally, not from a remote computer.
  • Use secure the secure HTTPS protocol with Secure Sockets Layer (SSL) for server administration.

MORE INFORMATION

To use HTTPS, follow these steps to turn on SSL:
  1. Obtain a valid digital certificate for server authentication from your organization. This certificate must be stored in the local machine store on the server that you want to administer.For additional information about how to obtain an SSL certificate, click the article numbers below to view the articles in the Microsoft Knowledge Base:

    228821 Generating a Certificate Request File Using the Certificate Wizard in IIS 5.0

    228836 Installing a New Certificate with Certificate Wizard for Use in SSL/TLS

  2. Apply the certificate:
    1. Start the Microsoft Internet Information Services (IIS) Administration snap-in.
    2. Right-click the Web site on which Software Update Services is installed, and then click Properties. Software Update Services is typically installed under the Default Web site.
    3. On the Web Site tab, set the SSL port to 443.
    4. On the Directory Security tab, click Server Certificate. This starts the Web Server Certificate Wizard. Click Next.
    5. Click Assign an existing certificate, and then click Next.
    6. Click the certificate that you created for SSL authentication, and then click Next.
    7. Confirm that this is the correct certificate, and then click Next.
    8. Click Finish.
    9. Click OK to close the dialog box.
  3. Turn on SSL for the correct folders:
    1. In the left pane, right-click the Autoupdate\Administration folder, and then click Properties.
    2. Click the Directory Security tab.
    3. Under Secure Communications, click Edit.
    4. Click to select the Require secure channel (SSL) check box.
    5. Click to select the Require 128-bit encryption check box.
    6. Click OK, and then click OK.
    7. Repeat these steps for the Autoupdate\Dictionaries, Shared, and Content\EULA folders.

      Note that the Content\EULA folder does not appear until Software Update Services has performed at least one successful synchronization.
To test the process, visit this Web site to start administration:

https://susserver/susadmin

The Automatic Updates client version 2.2 uses only port 80 to detect updates on your Software Update Services server. If the root of the Web site, the /Content virtual root, or the /Selfupdate virtual root is configured to use SSL, the Automatic Updates client cannot detect updates from your Software Update Services server.
Modification Type:MajorLast Reviewed:10/26/2002
Keywords:kbenv kbinfo KB326312
©2002 Microsoft Corporation. All rights reserved.