Skip to main content

Adding certificates

The following procedure describes how to add certificates to the appropriate certificate folders.

Procedure

  1. Click Start > Run.
  2. Enter MMC on the command line and click OK to open the Microsoft Management Console (MMC).
  3. To add a certificate, click File > Add/Remove Snap-in and click Add.
  4. Click Certificates and click Add.
  5. Select Computer account and click Next. To select another computer, enter the name of the update server or click Browse to find the update server computer. If the update server is on the same server, select Local computer in this window.
  6. Click OK to close the Add/Remove Snap-in wizard.
  7. Expand Certificates and WSUS, and then click Certificates.
    Figure 1. Console 1 - WSUS Certificates
    Console 1 - WSUS Certificates
  8. In the middle pane, right-click the certificate name, select All Tasks, and then click Export.
    The Certificate Export Wizard starts.
  9. Use the default settings to create an export file with the name and location specified in the wizard.
    This file must be available to the update server before proceeding to the next step.
  10. Right-click Trusted Publishers, select All Tasks and click Import.
    Complete the Certificate Import Wizard using the exported file from step 6.
  11. If a self-signed certificate is being used, such as WSUS Publishers Self-signed, right-click Trusted Root Certification Authorities, select All Tasks, and then select Import.
    Complete the Certificate Import Wizard using the exported file from step 6.
  12. If the Updates Publisher computer is a remote computer to the update server, repeat steps 7 and 8 to import the certificate to the certificate folder on the Updates Publisher computer.
    On client computers, the Windows Update Agent scans for updates.
    Important
    The first installation action will fail if it cannot locate the digital certificate in the Trusted Publishers folder on the local computer. If a self-signed certificate was used when publishing the updates catalog, such as WSUS Publishers Self-signed, the certificate must also be in the Trusted Root Certification Authorities certificate folder on the local computer to verify the validity of the certificate.