Add a Digital Certificate to Windows Server Update Services (WSUS)
Before you can deploy third-party patches in WSUS, you must prepare the WSUS server.
To add a Digital Certificate to WSUS:
| 1. | Create the following Registry Key: |
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Update Services\Server\Setup]
"EnableSelfSignedCertificates"=dword:00000001
| 2. | Add a Code Signing Digital Certificate to WSUS. |
You have two options:
| • | Add a Code Signing Digital Certificate you already have to WSUS |
| • | Have the Daemon generate a new code signing certificate |
Add a Code Signing Digital Certificate you already have to WSUS
Open a command prompt and enter (replace <pfxFile> with a path to your pfx file and replace [password] with the pfx file password):
cd "c:\Program Files\Flexera Software\SVM Daemon"
svmpd.exe UseCert <pfxFile> [password]
Have the Daemon generate a new code signing certificate
Open a command prompt and enter:
cd "c:\Program Files\Flexera Software\SVM Daemon"
svmpd.exe NewCert
Once you have added a certificate, you need to deploy the certificate to machines that will receive the patches (they need to trust the patched from WSUS). See the next topic for this.