Publish Server Certificate

In order to deploy 3rd party updates via WSUS, the server and the clients have to have the same self-signed certificate.

1. Launch Recast Application Manager and open WSUS-integration tab. Click Generate in the Server certificate section.

2. If there is no existing certificate (absent) on the server one will be created. If there already is a certificate (valid or not) Application Manager will confirm for replacing it. Click Yes if you would like to replace an existing certificate.

3. When a valid certificate exists, it must be deployed to clients in order to deploy the software updates. We recommend doing this by using a group policy object. Export the certificate by clicking Export button and save it to a location where you can access it with GPO management tool.

4. Open up Group Policy Management (gpmc.msc). Create a new GPO in a proper place and name it.

5. Edit it. And open the following container: Computer Configuration > Policies > Windows Settings > Security Settings > Public Key Policies.

6. Import the certificate to two different certificate-containers (Trusted Root Certification Authorities & Trusted Publishers) by clicking Import.

7. In the Certificate Import Wizard, click Next.

8. Browse for the certificate, open it and click Next.

9. On the Certificate Store page, click Next.

10. Click Finish.

11. Make sure that a similar certificate is in both of the certificate-containers: Trusted Root Certification Authorities and Trusted Publishers.

As soon as the GPO is refreshed on the computers, WSUS 3rd party deployments can be done.