Submit a ticketCall us

WebinarUpcoming Webinar: How Help Desk and Remote Support Pays for Itself

Learn how help desk software can simplify ticketing management, allow you to track hardware and software assets, and accelerate the speed of IT support and service delivery. Gain insights on how remote support tools allow your IT team to maximize their efficiency and ticket resolution by expediting desktop troubleshooting, ultimately helping keep end-users happy and productive.

Register here.

Home > Success Center > Patch Manager > Patch Manager - Knowledgebase Articles > How to regenerate a Patch Manager publishing certificate after applying Microsoft KB2734608

How to regenerate a Patch Manager publishing certificate after applying Microsoft KB2734608

Updated January 24, 2018

Overview

This article addresses the following Microsoft KB article related to WSUS:

An update for Windows Server Update Services 3.0 Service Pack 2 is available (KB2734608) (© 2017 Microsoft, available at https://support.microsoft.com, obtained on May 11, 2017.)

Environment

All Patch Manager Versions

Issue

Microsoft released KB2734608 to prepare WSUS for an upcoming Microsoft update that blocks all RSA-based certificates with a key length of 1024 bits or less. After you apply this update, your WSUS server generates 2048-bit publishing certificates instead of the non-secure 512-bit certificates. This update can impact your current Patch Manager deployment. 

Steps

After you apply the KB2734608 update, SolarWinds recommends that you regenerate all WSUS publishing certificates to ensure a seamless transition in your deployment.

Due to the relationship these certificates have with your previously-published packages and your client systems, the general procedure for this process is:

  1. Apply Microsoft KB2734608 on your Patch Manager server (Primary Application Server).
  2. Generate the new publishing certificate(s) using the procedure in this article. Do not distribute the existing WSUS signing certificate to your publishing servers. 
  3. Re-provision all systems with the new certificate. This includes the Patch Manager and WSUS servers/consoles and all managed clients.

See Configure the publishing servers in the Patch Manager Administrator Guide for additional details.

Generate a new publishing certificate

Perform the following steps to generate a new publishing certificate for your Patch Manager server, upstream and downstream WSUS servers, and all managed clients in your Patch Manager deployment:

  1. Back up your Patch Manager server
  2. Log in to the Patch Manager Administrator Console as an administrator. 
  3. In the navigation pane, expand Administration and Reporting and select Software Publishing.
    SPM-Admin-Guide-Select-Software-Publishing.png
  4. In the Actions pane, click Server Publishing Setup Wizard.
  5. Complete the fields in the Provision WSUS Server for Publishing Wizard.
    Provision-WSUS-Server-For-Publishing-Wizard.png
    1. Click the WSUS Server drop-down menu and select your WSUS server.
      Patch Manager populates the remaining fields.
      WSUS-Server-Populate-Fields.png 
    2. Select Create self-signed certificate, and click Next.
    3. Review the content in the dialog box, and click Yes to continue.
      Confirm-Dialog-Box.png
  6. Select the Patch Manager servers, publishing servers, and downstream servers that require the publishing certificate, and then click Next.
  7. Review the summary screen for any errors, and click Finish.
    A dialog box displays, instructing you to configure your managed clients.
  8. In the dialog box, click OK. 
  9. Re-provision all systems with the new certificate. This includes the publishing servers, upstream and downstream WSUS servers, and all managed clients.
Last modified

Tags

Classifications

Public