
Manually push a publishing certificate to downstream WSUS servers

Created by Interspire Import, last modified by MindTouch on Jun 23, 2016



This article provides steps to manually push a publishing certificate to your downstream WSUS servers.


The Patch Manager console includes a Server Publishing Setup Wizard to help provision publishing servers with the necessary certificates for local publishing. However, connectivity or security requirements sometimes make this wizard impractical or even impossible to use. In these cases, use the following procedures to manually provision your publishing servers:

  • Export the publishing certificate from WSUS to a file.
  • Import the certificate to the appropriate stores on the downstream publishing server(s).


All Patch Manager versions



Exporting the WSUS Certificate

To provision downstream publishing servers with a WSUS certificate, first export it from the upstream WSUS server. The following procedure illustrates how to do this in the Patch Manager console.


To export a WSUS publishing certificate from the Patch Manager console:

  1. In the left pane of the Patch Manager console, expand Enterprise > Update Services.
  2. In the center pane, select the WSUS server from which you want to export the certificate.
  3. In the Actions pane (right), click Software Publishing Certificate.
  4. If this dialog does not display the WSUS server's certificate information:
    1. Click Close.
    2. Click Refresh Update Server in the Actions pane.
    3. Re-open the Software Publishing Certificate dialog.
  5. Click ....
  6. Click the Details tab.
  7. Click Copy to File.
  8. Click Next.
  9. Leave DER encoded binary X.509 (.CER) selected, and then click Next.
  10. Specify a name and location in the File name field, and then click Next.
  11. Click Finish.
  12. Click OK.


Importing the WSUS Certificate

After you have exported the certificate to a file, import the certificate file to both the Trusted Root Certification Authorities and Trusted Publishers stores. The following procedure illustrates how to do this using Group Policy on Windows Server 2008 domains.


To import a WSUS publishing certificate in Windows 2008:

  1. Open Group Policy Management on a Windows Server 2008 domain controller: Start > Administrative Tools > Group Policy Management.
  2. Create a new Group Policy Object for the certificate at the domain level:
    1. Select the domain you want to use, and then click Action > Create a GPO in this domain, and Link it here.
    2. Enter a name for the GPO. For example, enter Publishing Server Configuration Policy.
    3. Click OK.
  3. Select the new object, and then click Action > Edit.
  4. Expand Computer Configuration > Policies > Windows Settings > Security Settings > Public Key Policies.
  5. Import the WSUS publishing certificate to the Trusted Root Certification Authorities and Trusted Publishers stores:
    1. Under Public Key Policies, select Trusted Root Certification Authorities.
    2. Click Action > Import.
    3. Click Next.
    4. Click Browse, and then browse to the certificate you saved in the previous procedure.
    5. Click Next.
    6. Click Next again.
    7. Click Finish.
    8. On the success dialog, click OK.
    9. Repeat these steps for the Trusted Publishers certificate store.
  6. If you plan to install 3rd-party updates on the server itself:
    1. Expand Computer Configuration > Administrative Templates > Windows Components, and then select Windows Update.
    2. In the center pane, select Allow signed updates from an intranet Microsoft update service location.
    3. Click Action > Edit.
    4. Select Enabled.
    5. Click OK.
  7. Manually enforce the Group Policy Object.
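After the policy has applied, you can confirm on a downstream publishing server that the exported certificate is present in both stores and whether the Windows Update policy from step 6 is in effect. The script below is an added example, not part of the original article or of Patch Manager; the path in `$CerPath` is an assumed location for the .CER file saved in the export procedure.

```powershell
# Added example: verify a downstream publishing server after the GPO has applied.
# $CerPath is an assumed location of the .CER file exported from the upstream WSUS server.
param(
    [string]$CerPath = 'C:\Temp\WsusPublishing.cer'
)

# Returns $true if a certificate with the same thumbprint is in the named LocalMachine store.
function Test-CertInStore {
    param(
        [System.Security.Cryptography.X509Certificates.X509Certificate2]$Cert,
        [string]$StoreName
    )
    $location = [System.Security.Cryptography.X509Certificates.StoreLocation]::LocalMachine
    $store = New-Object System.Security.Cryptography.X509Certificates.X509Store -ArgumentList $StoreName, $location
    $store.Open([System.Security.Cryptography.X509Certificates.OpenFlags]::ReadOnly)
    try {
        $findType = [System.Security.Cryptography.X509Certificates.X509FindType]::FindByThumbprint
        # $false = do not require the certificate to chain/validate, only to be present
        $hits = $store.Certificates.Find($findType, $Cert.Thumbprint, $false)
        return ($hits.Count -gt 0)
    }
    finally {
        $store.Close()
    }
}

if (-not (Test-Path -LiteralPath $CerPath)) {
    throw "Certificate file not found: $CerPath"
}
$cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 -ArgumentList $CerPath

# Registry value written by the policy
# "Allow signed updates from an intranet Microsoft update service location".
$wuKey  = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate'
$wu     = Get-ItemProperty -Path $wuKey -ErrorAction SilentlyContinue
$policy = ($wu -ne $null) -and ($wu.AcceptTrustedPublisherCerts -eq 1)

# Compare Thumbprint with the value shown on the upstream WSUS server before trusting the result.
New-Object PSObject -Property @{
    Subject               = $cert.Subject
    Thumbprint            = $cert.Thumbprint
    Expired               = ($cert.NotAfter -lt (Get-Date))
    InTrustedRoot         = Test-CertInStore -Cert $cert -StoreName 'Root'
    InTrustedPublishers   = Test-CertInStore -Cert $cert -StoreName 'TrustedPublisher'
    SignedUpdatesPolicyOn = $policy
}
```

`SignedUpdatesPolicyOn` only needs to be true on servers that will install third-party updates themselves, as described in step 6.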


Disclaimer: Please note, any content posted herein is provided as a suggestion or recommendation to you for your internal use. This is not part of the SolarWinds software or documentation that you purchased from SolarWinds, and the information set forth herein may come from third parties. Your organization should internally review and assess to what extent, if any, such custom scripts or recommendations will be incorporated into your environment.  You elect to use third party content at your own risk, and you will be solely responsible for the incorporation of the same, if any.
