This project has moved and is read-only. For the latest updates, please go here.

[Solved] Certificate Validation

Topics: Configuration Issue
Jun 8, 2013 at 1:38 AM
We configured the program per the installation guide. However, when we attempt to connect to the server we receive, " invalid certificate". We installed by generating a certificate so we are stumped as to why we are receiving this error.
We installed WSUS on Server 2008 R2 and will be using the publisher on the same machine. We are in the process of installing two downstream (replica) servers to update a large number of computers in our school district.
Any assistance would be greatly appreciated
Jun 8, 2013 at 1:54 PM
Hi Burntout,
Try to restart the server to take in account the certificate.
Jun 9, 2013 at 1:14 AM
Hi "D",
     Thank's for the reply. Already tried that and didn't work. I also tried trashing the original set up and that didn't work either. So now I'm really stumped. I really would like to get this working for us. My boss didn't think it would work for us buy I told him I would give it a shot anyway. Any help you can offer is appreciated.
/Bob
Jun 9, 2013 at 9:30 AM
Open WPP, connect to the local Wsus server. Go to Help=>About and look at the Server Version.
Go to 'Control panel' => 'Program & Features' => display updates. Search for KB2661254.
If KB2661254 is installed, then your server version MUST be at least at 3.2.7600.251 (that mean the KB2720211 MUST be installed too)

If you install KB2720211, you MUST re-generate the certificate.

Ok, let start over.
  • Open a session as administrator on the Wsus server.
  • Go to Start menu => run => type mmc.exe + enter
  • The MMC console appeare.
  • Go ot File => Add/Remove snappin and choose 'Certificates'. Choose 'Computer Account', 'local computer', 'ok'
  • In the certificat snappin, develop 'Wsus'=>'Certificate'. Delete ALL certificates here.
  • Develop 'Trusted editors'. Delete ALL 'Wsus Publisher self-signed' certificates.
  • Develop 'Trusted Root Certification Authority'. Delete ALL 'Wsus Publisher self-signed' certificates.
  • You should have nomore 'Wsus Publisher self-signed' certificates. Leave the MMC open.
  • Open WPP and connect to the local Wsus.
  • Go To 'Tools' => Certificate => 'Generate the certificate'
  • Once the certificate is generate, click on the 'Save the certificate' button. Save it on a location where there is no other certificates. Remember the location.
  • Close WPP.
  • Return into the Certificate MMC.
  • Verify tha the new certificate if present in the 'Wsus'=>'Certificate' store. (Do a refresh display if necessary).
  • Double click on the new certificate. It should open and indicate that it is valid and you have a private key for it.
  • Develop 'Trusted editors'. Right click on 'Certificate' folder => 'All tasks' => Import. Browse to the location where the new certificate is. and import it.
  • Develop 'Trusted Root Certification Authority'. Right click on 'Certificate' folder => 'All tasks' => Import. Browse to the location where the new certificate is. and import it.
  • Restart the Wsus server.
  • Return to the Certificate MMC. Open the 3 certificates and ensure they are valid.
Open WPP and connect to the local Wsus to see if it's ok.
Marked as answer by DCourtel on 10/5/2013 at 5:37 AM
Jun 10, 2013 at 12:45 PM

Replied on the weekend, thank you. I will check this out and let you know how I make out. Thank you so much for your quick response.

/Bob

Jun 10, 2013 at 1:53 PM

You are fantastic, thank you very much for taking the time to send that step by step guide. It worked!

Have a great day and hopefully I won’t have to bother you again.

/Bob

Jun 10, 2013 at 3:22 PM
Glad to hear that.
Can you share the solution with other.