Submit a ticketCall us

Training ClassThe Orion® Platform Instructor-led Classes

Provided by SolarWinds® Academy, these trainings will introduce users to the Orion Platform and its features, management, and navigation. These courses are suitable for users looking to discover new tips, tricks, and ways to adapt their Orion products to better suit their monitoring needs:
Deploying the Orion Platform
Configuring Orion views, maps, and accounts
Configuring Orion alerts and reports

Reserve your seat.

Home > Success Center > Patch Manager > Patch Manager - Knowledgebase Articles > Use Patch Manager with a CA-signed certificate

Use Patch Manager with a CA-signed certificate

Table of contents


This article describes how to use Patch Manager with a Certificate Authority (CA) signed certificate.


Patch Manager 1.85 or later


  1. Get a Web server SSL cert for WSUS, install and configure on IIS. You can go for external CA vendor or use local Enterprise CA.
  2. Request for a Code Signing cert from an external CA authority (such as Verisign) or use your local Enterprise CA and save the certificate in PKCS#12 (PFX) format containing the private key. This process requires a Code Signing Certificate Signing Request (CSR) to be submitted to the appropriate CA's.
    More info on how to create a Code Signing Certificate Signing Request (CSR) Generation Instructions via MMC certificate snap-in using Microsoft Windows . (© 2018 Digicert Corporation, available at, obtained on Feburary 5, 2019).
  3. Copy the PFX file to the WSUS server or another server used to sign the package.

    See Importing an SPC into a Certificate Store for details. (© 2017 Microsoft Corporation, available at, obtained on December 28, 2017).

  4. Log in to the Patch Manager server with an account that is part of the WSUS Administrators group.
  5. Navigate to:

    C:\Program Files\SolarWinds\Patch Manager\Server

  6. In the command line, execute:

    SolarWinds.Utilities.WSUS2012PlusCertManagement.exe /operation addpfx /pfxfile c:\cert_folder\my_CA_Cert.pfx /pfxfilepassword Passw0rd /targetwsusname . /targetwsusport 8531 /targetwsususessl yes

    The signed certificate is placed in the correct certificate stores for Patch Manager to detect when the WSUS server is refreshed in the Patch Manager mmc console.


This utility is available from PM server and is intended to add or remove a signing certificate(s) on WSUS servers. This utility will place the signed certificate in correct certificate stores(Trusted Root and Trusted Publisher) for Patch Manager to detect when the WSUS server is refreshed in the Patch Manager mmc console. 


Disclaimer: Please note, any content posted herein is provided as a suggestion or recommendation to you for your internal use. This is not part of the SolarWinds software or documentation that you purchased from SolarWinds, and the information set forth herein may come from third parties. Your organization should internally review and assess to what extent, if any, such custom scripts or recommendations will be incorporated into your environment.  You elect to use third party content at your own risk, and you will be solely responsible for the incorporation of the same, if any.



Last modified