Hi,
I am managing an organisation that contains:
- An Active Directory managed by a DC DC.domain.lan.
- A WSUS server hosted on a Windows Server 2016 server, called WSUS and outside the domain managed by the DC. There is a DNS resolution parameter that allows the domain name wsus.domain.lan to be resolved to the IP of the WSUS, but it is not part of the AD.
- The DC uses a self-signed RootCA certificate and a SubCA certificate to issue certificates.
- The WSUS server has the RootCA certificate installed in its Internal Certification Authority group.
Everything worked fine until I enabled SSL on the WSUS with the following actions:
- create a certificate request on the WSUS that contains the following information:
  - Object: WSUS
  - Alternate object name: DNS name=wsus.domain.lan
  - Name: SSL-WSUS
- validate the request on the DC and get the certificate, issued by the authority SubCA
- install the certificate on the WSUS server
- Edit bindings of the WSUS Administration site and select the SSL certificate SSL-WSUS on the https binding on port 8531
- require SSL on ApiRemoting30, ClientWebService, DssAuthWebService, ServerSyncWebService and SimpleAuthWebService
- run `wsusutil.exe configuressl wsus`, which returns: `URL: https://wsus:8531`. (At this point I'm not sure if I should use `wsus` or `wsus.domain.lan`)
- reboot
- start the WSUS Administration Console and click on "connect to server". I entered "WSUS" as the server name and port 8531, but I get the error: "Cannot connect to <<WSUS>>. The SSL certificate of the server could not be validated". (Translated from French so it may not be 100% accurate).
- I also tried to enter the name "WSUS.domain.lan" but I get a different error: "Cannot connect to <<WSUS.DOMAIN.LAN>>. Check that the post-installation task is finished on this server".
I feel like I followed all the instructions to successfully enable SSL on the WSUS server but I can't connect anymore to the administration console. What did I do wrong?
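
The following diagnostic is an added example, not part of the original post and not the poster's code. It connects to the https binding under both names tried above and reports what Windows says about the certificate presented: the names it carries, its issuer, and any name or chain errors. The function name `Test-WsusTls` is hypothetical, and it assumes port 8531 and the two host names from the post, and that TLS 1.2 is enabled on the server.

```powershell
# Added diagnostic, not from the post. Run it where the WSUS console is started.
# Assumptions: the two names and port 8531 from the post; TLS 1.2 is enabled.
function Test-WsusTls {
    param([Parameter(Mandatory)][string]$HostName, [int]$Port = 8531)

    # Diagnosis only: accept any certificate so the handshake completes,
    # but record what Windows reported about it. No data is sent afterwards.
    $callback = [System.Net.Security.RemoteCertificateValidationCallback]{
        param($sender, $certificate, $chain, $policyErrors)
        $script:tlsErrors = $policyErrors
        $script:tlsChain  = @($chain.ChainStatus | ForEach-Object { $_.Status.ToString() })
        $script:tlsCert   = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 $certificate
        return $true
    }

    $tcp = New-Object System.Net.Sockets.TcpClient
    $ssl = $null
    try {
        $tcp.Connect($HostName, $Port)
        $ssl = New-Object System.Net.Security.SslStream($tcp.GetStream(), $false, $callback)
        # Last argument $true: also check revocation (the CA's CRL must be reachable).
        $ssl.AuthenticateAsClient($HostName, $null,
            [System.Security.Authentication.SslProtocols]::Tls12, $true)
        [pscustomobject]@{
            Name         = $HostName
            Subject      = $script:tlsCert.Subject
            Issuer       = $script:tlsCert.Issuer
            # DnsNameList is the property PowerShell adds to certificate objects
            DnsNames     = $script:tlsCert.DnsNameList.Unicode -join ', '
            PolicyErrors = $script:tlsErrors            # SslPolicyErrors flags
            ChainStatus  = $script:tlsChain -join ', '  # X509ChainStatusFlags, empty if clean
        }
    }
    catch {
        # Connection refused, name not resolved, handshake failure, ...
        [pscustomobject]@{ Name = $HostName; Error = $_.Exception.Message }
    }
    finally {
        if ($ssl) { $ssl.Dispose() }
        $tcp.Close()
    }
}

'wsus', 'wsus.domain.lan' | ForEach-Object { Test-WsusTls -HostName $_ } | Format-List
```

In the output, `RemoteCertificateNameMismatch` means the name used to connect is not one the certificate is valid for, while `RemoteCertificateChainErrors` with `PartialChain` or `UntrustedRoot` points at the SubCA or RootCA certificate missing from the machine's stores, and `RevocationStatusUnknown` or `OfflineRevocation` at an unreachable CRL.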