Before you can deploy third-party patches in WSUS, you must prepare the WSUS server.
Add a Digital Certificate to WSUS:
| 1. | Create the following Registry Key: |
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Update Services\Server\Setup]
"EnableSelfSignedCertificates"=dword:00000001
| 2. | Add a Code Signing Digital Certificate to WSUS. |
You have two options:
| • | Add a Code Signing Digital Certificate you already have to WSUS |
| • | Have the Daemon generate a new code signing certificate |
Add a Code Signing Digital Certificate you already have to WSUS
Open a command prompt and enter (replace <pfxFile> with a path to your pfx file and replace [password] with the pfx file password):
cd "c:\Program Files\Flexera Software\SVM Daemon"
svmpd.exe UseCert <pfxFile> [password]
Have the Daemon generate a new code signing certificate
Open a command prompt and enter:
cd "c:\Program Files\Flexera Software\SVM Daemon"
svmpd.exe NewCert
Once you have added a certificate, you need to deploy the certificate to machines that will receive the patches (they need to trust the patched from WSUS). See the next topic for this.
Software Vulnerability Research Help LibraryMay 2019 |
Copyright Information | Flexera |