Submit a ticketCall us

Webinar: Web Help Desk for HR, Facilities and Accounting Departments
This webinar will focus on use cases for HR, Facilities and Accounting.

Having a unified ticketing and asset management system for all the departments in your company can provide end-users with a seamless experience and make things easier for your IT team. Yet, with different business tasks and objectives, many departments don’t fully understand the capabilities of Web Help Desk and how the software can be customized for effective use in their departments.
Register Now.

Home > Success Center > Patch Manager > Use Patch Manager with a CA Signed Certificate

Use Patch Manager with a CA Signed Certificate

Table of contents
Created by Erica Gill, last modified by Randall Harwood on Jun 06, 2017

Views: 262 Votes: 2 Revisions: 10


This article provides steps to use a CA signed certificate with WSUS to allow Patch Manager's WSUS issued signing certificate is part of the CA hierarchy.


Patch Manager 1.85 or later


  1. Generate the CA signed certificate for use with WSUS in a pfx form containing the private key. (The CA signing process requires a csr be generated.)
  2. Copy the pfx file to the WSUS server.
  3. Log in with a local administrator which is a member of the WSUS administrators group to the Patch Manager server.
  4. Use the SolarWinds.Utilities.WSUS2012PlusCertManagement.exe utility, located in C:\Program Files\SolarWinds\Patch Manager\Server\ by default, to automatically provision the certificate.


This utility is intended for use on a WSUS server to add or remove a signing certificate.
/operation <createselfsigned | addpfx | deletecertificate | createandaddselfsigned>
/targetwsusname <FQDN or NetBIOS name of the wsus server>
/targetwsusport <portnumber> (NOTE: optional and defaults to 80 for non-SSL and 443 for SSL)
/targetwsususessl <yes | no> (NOTE: optional and defaults to no)
/pfxfile <fully qualified file name> (NOTE: only required when using addpfx. MUST BE USING SSL!)
/pfxfilepassword <password> (NOTE: only required when using addpfx or deletecertificate. MUST BE USING SSL!)


For example:

"C:\Program Files\SolarWinds\Patch Manager\Server\SolarWinds.Utilities.WSUS2012PlusCertManagement.exe" /operation addpfx /pfxfile c:\cert_folder\my_CA_Cert.pfx /pfxfilepassword Passw0rd /targetwsusname . /targetwsusport 8531 /targetwsususessl yes


*Note When adding a pfx file you must have SSL Turned on and be using the SSL port for Targetwsusport



This utility will place the signed certificate in correct certificate stores for Patch Manager to detect when the WSUS server is refreshed in the Patch Manager mmc console.


After the above it should be possible to deploy packages.



Note: This process requires the use of a pfx file containing the private key.




Last modified
13:02, 6 Jun 2017