Submit a ticketCall us

Training Class Getting Started with SolarWinds Backup - February 28

This course offers customers an introduction to SolarWinds Backup, focusing on configuring the backup technology, taking backups, data restoration and data security. It is a great primer and will get you up to speed quickly on SolarWinds Backup.
Register for class.

Home > Success Center > Patch Manager > How to regenerate a Patch Manager publishing certificate after applying Microsoft KB2734608

How to regenerate a Patch Manager publishing certificate after applying Microsoft KB2734608

Updated January 24, 2018

Overview

This article addresses the following Microsoft KB article related to WSUS:

An update for Windows Server Update Services 3.0 Service Pack 2 is available (KB2734608) (© 2017 Microsoft, available at https://support.microsoft.com, obtained on May 11, 2017.)

Environment

All Patch Manager Versions

Issue

Microsoft released KB2734608 to prepare WSUS for an upcoming Microsoft update that blocks all RSA-based certificates with a key length of 1024 bits or less. After you apply this update, your WSUS server generates 2048-bit publishing certificates instead of the non-secure 512-bit certificates. This update can impact your current Patch Manager deployment. 

Steps

After you apply the KB2734608 update, SolarWinds recommends that you regenerate all WSUS publishing certificates to ensure a seamless transition in your deployment.

Due to the relationship these certificates have with your previously-published packages and your client systems, the general procedure for this process is:

  1. Apply Microsoft KB2734608 on your Patch Manager server (Primary Application Server).
  2. Generate the new publishing certificate(s) using the procedure in this article. Do not distribute the existing WSUS signing certificate to your publishing servers. 
  3. Re-provision all systems with the new certificate. This includes the Patch Manager and WSUS servers/consoles and all managed clients.

See Configure the publishing servers in the Patch Manager Administrator Guide for additional details.

Generate a new publishing certificate

Perform the following steps to generate a new publishing certificate for your Patch Manager server, upstream and downstream WSUS servers, and all managed clients in your Patch Manager deployment:

  1. Back up your Patch Manager server
  2. Log in to the Patch Manager Administrator Console as an administrator. 
  3. In the navigation pane, expand Administration and Reporting and select Software Publishing.
    SPM-Admin-Guide-Select-Software-Publishing.png
  4. In the Actions pane, click Server Publishing Setup Wizard.
  5. Complete the fields in the Provision WSUS Server for Publishing Wizard.
    Provision-WSUS-Server-For-Publishing-Wizard.png
    1. Click the WSUS Server drop-down menu and select your WSUS server.
      Patch Manager populates the remaining fields.
      WSUS-Server-Populate-Fields.png 
    2. Select Create self-signed certificate, and click Next.
    3. Review the content in the dialog box, and click Yes to continue.
      Confirm-Dialog-Box.png
  6. Select the Patch Manager servers, publishing servers, and downstream servers that require the publishing certificate, and then click Next.
  7. Review the summary screen for any errors, and click Finish.
    A dialog box displays, instructing you to configure your managed clients.
  8. In the dialog box, click OK. 
  9. Re-provision all systems with the new certificate. This includes the publishing servers, upstream and downstream WSUS servers, and all managed clients.
Last modified

Tags

Classifications

Public