Submit a ticketCall us

Have You Auto Renewed? If not, you're missing out.
The SolarWinds Renewal Program comes with a host of benefits including the most recent product updates, 24/7 technical support, virtual instructor-led training and more. Experience all of this with the convenience of Auto Renewal, and never worry about missing any of these great benefits. Learn More.

Home > Success Center > Patch Manager > Use Patch Manager with a CA-signed certificate

Use Patch Manager with a CA-signed certificate

Table of contents

Overview

This article describes how to use Patch Manager with a Certificate Authority (CA) signed certificate.

Environment

Patch Manager 1.85 or later

Steps

  1. Get a Web server SSL cert for WSUS, install and configure on IIS. You can go for external CA vendor or use local Enterprise CA.
  2. Request for a Code Signing cert from an external CA authority (such as Verisign) or use your local Enterprise CA and save the certificate in PKCS#12 (PFX) format containing the private key. This process requires a Code Signing Certificate Signing Request (CSR) to be submitted to the appropriate CA's.
    More info on how to create a Code Signing Certificate Signing Request (CSR) Generation Instructions via MMC certificate snap-in using Microsoft Windows . (© 2017 Symantec Corporation, available at https://www.symantec.com, obtained on December 28, 2017).
  3. Copy the PFX file to the WSUS server or another server used to sign the package.

    See Importing an SPC into a Certificate Store for details. (© 2017 Microsoft Corporation, available at https://www.microsoft.com, obtained on December 28, 2017).

  4. Log in to the Patch Manager server as an administrator in the WSUS Administrators group.
  5. Navigate to:

    C:\Program Files\SolarWinds\Patch Manager\Server

  6. In the command line, execute:

    SolarWinds.Utilities.WSUS2012PlusCertManagement.exe /operation addpfx /pfxfile c:\cert_folder\my_CA_Cert.pfx /pfxfilepassword Passw0rd /targetwsusname . /targetwsusport 8531 /targetwsususessl yes
    

    The signed certificate is placed in the correct certificate stores for Patch Manager to detect when the WSUS server is refreshed in the Patch Manager mmc console.

 

This utility is intended for use on a WSUS server to add or remove a signing certificate. This utility will place the signed certificate in correct certificate stores(Trusted Root and Trusted Publisher) for Patch Manager to detect when the WSUS server is refreshed in the Patch Manager mmc console. 

 

Disclaimer: Please note, any content posted herein is provided as a suggestion or recommendation to you for your internal use. This is not part of the SolarWinds software or documentation that you purchased from SolarWinds, and the information set forth herein may come from third parties. Your organization should internally review and assess to what extent, if any, such custom scripts or recommendations will be incorporated into your environment.  You elect to use third party content at your own risk, and you will be solely responsible for the incorporation of the same, if any.

 

 

Last modified

Tags

Classifications

Public