How to configure a Software Update Point to use SSL for communicating with WSUS

This blog post will be about configuring a Software Update Point (SUP) to use SSL for communicating with Windows Server Update Services (WSUS). I know there are many guides out on the web detailing the standard installation of WSUS and a SUP, but not many of them are explaining (or even touching) the HTTPS/SSL configuration. Also, I’ve been getting some questions about this subject lately, so I thought it would be time to dedicate a blog post to this. Very high-level, this post will go through the configuration of WSUS to require SSL communication and the configuration of a SUP to use SSL communication. So, actually the title doesn’t cover the complete blog post. Prerequisites Before we go through the configuration steps of WSUS and …

Read more

What is CMHttpsReadiness.exe?

This time I’ve got a short post about another executable that I’ve found very useful. It’s CMHttpsReadiness.exe, which belongs to the Configuration Manager HTTPS Readiness Assessment Tool. This tool can be used to check the ConfigMgr clients if they are ready for a switch to HTTPS communication. Basically, it simply checks the certificate requirements on a ConfigMgr client device. To be honest this tool even already existed in ConfigMgr 2007, but in those times the executable was named SCCMNativeModeReadiness.exe. As this tool hasn’t been mentioned a lot, I thought it would be worth a short blog post. Usage This tool is installed during the ConfigMgr client installation and can also be found in the ConfigMgr client installation directory. It can simply be started via the …

Read more

How to install clients on Linux computers, when the Site Roles require HTTPS communication in ConfigMgr 2012

About four years ago I did a post about installing the ConfigMgr client on a WORKGROUP computer, when the ConfigMgr Site is in Native Mode. On the certificate side of it, this post will have a lot of similarities with that post. Installing a ConfigMgr client on a Linux computer is a nice challenge, when the ConfigMgr site is configured to require HTTPS. I think I am not the only one working with ConfigMgr and only uses a little tiny bit of Linux. So to make this process for everyone a bit easier I wrote down these four steps for implementing the correct certificates and installing the ConfigMgr client on a Linux computer. Of course these same certificate configuration steps can also be used for …

Read more

Five key configuration steps for implementing Internet-based clients in ConfigMgr 2012

This blog post is about the key configuration steps for implementing Internet-based clients in ConfigMgr 2012. By key configuration steps, I’m talking about the configuration of the web server certificate, IIS, site systems, site system roles and client installations. To understand these steps, knowledge of certificates, IIS and ConfigMgr is required, because it’s not a step-by-step configuration guide. Prerequisites Before going through these steps, there are a few important prerequisites that should be in place: Site systems for Internet-based client management must have connectivity to the Internet and must be in an Active Directory domain. A supporting public key infrastructure (PKI) has to be in place, that can deploy and manage the certificates that the clients require and that are managed on the Internet and …

Read more