Configure SSL for downstream WSUS servers
The following instructions configure a downstream server to synchronize to an upstream server that uses SSL.
To synchronize a downstream server to an upstream server that uses SSL
- Log on to the computer by using a user account that is a member of the local Administrators group or the WSUS Administrators group.
- Click start, click All Programs, click Administrative Tools, and then click Windows Server Update Service.
- In the right pane, expand the server name.
- Click Options, and then click Update Source and Proxy Server.
- On the Update Source page, select Synchronize from another Windows Server Update Services server.
- Type the name of the upstream server into the Server name text box. Type the port number that the server uses for SSL connections into the Port number text box.
- Select the Use SSL when synchronizing update information check box, and then click OK.
Configure SSL on the WSUS server
WSUS requires two ports for SSL: one port that uses HTTPS to send encrypted metadata, and one port that uses HTTP to send updates. When you configure WSUS to use SSL, consider the following:
You cannot configure the whole WSUS website to require SSL because all traffic to the WSUS site would have to be encrypted. WSUS encrypts update metadata only. If a computer attempts to retrieve update files on the HTTPS port, the transfer will fail.
If the Answer is helpful, please click Accept Answer
and up-vote, this can be beneficial to other community members.