Your Wsus server is at level 256, so KB2720211 and KB2734608 are installed. Since KB2720211, Wsus server issued out 2048 bits Self-signed certificates.
WPP doesn't create any certificate by its own for Wsus 3.0 SP2 (Server 2003R2, 2008, 2008R2) nor 6.2 (Server 2012). But only for Wsus 6.3 (Server 2012
To check the bit length of the private key of the certificate :
- Open WPP.
- Connect to the server.
- Go to "Help" -> "About"
If you need to generate another certificate, go to "Tools" -> "Certificate" and click on the buton "Generate the certificate".
You may want to delete the previous certificate before (use certmgr.msc)
Once the new certificate is created, do not forget to distribute it to clients computers. Also, you will need to re-sign all already published packages.
And on some computers (many works.) get the following error: WARNING: Error: 0x80096004 when verifying trust
This let me think that the problem is on clients computers instead of on the server. Can you check that clients computers have the correct certificate in correct store ("Trusted root authority" and "Trusted Publisher"). Also, you may want
to check that the registry key :
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AcceptTrustedPublisherCerts is set to 1