Purpose
This document will show you how to use the Shavlik Patch Plugin to create a self-signed certificate, and then how to export/import the created certificate to the correct locations.
Description
Creating the self-signed certificate
If you have successfully connected to your WSUS server via SSL you will be able to create a self-certificate through the Shavlik Patch Settings > WSUS Server options.
Here are the steps:
1. Open the Shavlik Patch Settings window by right clicking on Shavlik Patch, then click Settings.
Note: Shavlik Patch will be under Software Library > Software Updates.
Image may be NSFW.
Clik here to view.
2. Within the Shavlik Patch Settings, on the WSUS Server tab:
-First ensure you have an SSL connection to your WSUS server. Test the connection to ensure it's working.
-Then click the 'Create a self-signed certificate' button.
Image may be NSFW.
Clik here to view.
NOTE: If you receive the following error, resort to this document (Error Creating a Self-signed Certificate) before proceeding to the next steps:
Image may be NSFW.
Clik here to view.
If you do not see the above error, continue with the steps below.
3. You'll receive a warning message that gives you some straight-forward information about what should be done with the certificate. Click OK.
Image may be NSFW.
Clik here to view.
4. Export the certificate so you can distribute it as needed. Click the 'Export' button within the Shavlik Patch Settings. You will be prompted to save the certificate. You will need a copy of the certificate for the following steps so make sure you will be able to copy this file to other computers/locations.
Image may be NSFW.
Clik here to view.
Importing the certificate
On any systems where you need to distribute the certificate, you can either use GPO to push the certificate which is covered in a technet blog here, or you can manually do so via MMC using the steps below:
1. Open MMC. Make sure to run as an Administrator.
Note: In the screenshot below the Start menu is set to use a third party app called Classic Shell so it may appear different from your 2012 server.
Image may be NSFW.
Clik here to view.
2. File > Add/Remove Snap-in
Image may be NSFW.
Clik here to view.
3. Highlight Certificates> click Add.
Image may be NSFW.
Clik here to view.
4. Choose 'Computer account'. Click Next.
Image may be NSFW.
Clik here to view.
5. Leave defaults under 'Select Computer'. Click Finish.
Image may be NSFW.
Clik here to view.
6. Expand Certificates. Expand Trusted Root Certification Authorities. Right click Certificates, then choose All Tasks> Import.
Image may be NSFW.
Clik here to view.
7. This brings up the Certificate Import Wizard. Click Next.
Image may be NSFW.
Clik here to view.
8. This is where you will need a copy of the self-signed certificate generated earlier. Browse to and choose the certificate, then click Next.
Image may be NSFW.
Clik here to view.
9. Make sure you are placing the cert in the correct certificate store (Trusted Root Certification Authorities for this step). Click Next.
Image may be NSFW.
Clik here to view.
10. You will be given a summary. Click Finish.
Image may be NSFW.
Clik here to view.
11. You should receive a message stating 'The import was successful.' Click OK.
Image may be NSFW.
Clik here to view.
12. Verify you now see the self-signed certificate listed. It should appear as 'WSUS Publishers Self-signed'.
Image may be NSFW.
Clik here to view.
13. Repeat the same steps for Trusted Publishers.
Image may be NSFW.
Clik here to view.
14. You should end up with the WSUS Self-signed certificate under both Trusted Root Certification Authorities > Certificates and Trusted Publishers > Certificates.
Image may be NSFW.
Clik here to view.
Additional Information
For more information, refer to the Shavlik Patch Guide, and see the section APPENDIX A : CREATING AND DISTRIBUTING CERTIFICATES
Affected Product(s)
Shavlik Patch for Microsoft System Center
Clik here to view.