WSUS Supportability Statement on HTTPS Inspection

WSUS Supportability Statement on HTTPS Inspection

Scenario

The implementation of HTTPS Inspection to inspect the traffic between Microsoft Update and a WSUS server as shown below is not supported:

More information about this Scenario

For more information on how HTTPS Inspection works on Forefront TMG 2010 read the article below:
http://technet.microsoft.com/en-us/magazine/ff472472.aspx

Supportability Statement

By allowing WSUS to accept another certificate that the actual Microsoft certificate for Microsoft Update, would not allow WSUS to be confident that the metadata actually comes from Microsoft Update. Therefore, this scenario is not supported.

More Details

WSUS uses HTTPS only for the transmission of update metadata between WU/MU and the WSUS server. This metadata has no executable content. All update content is transferred over HTTP and is validated with signature checks.  

Leave a Comment
  • Please add 8 and 4 and type the answer here:
  • Post
Wiki - Revision Comment List(Revision Comment)
Sort by: Published Date | Most Recent | Most Useful
Comments
  • Carsten Siemens edited Revision 4. Comment: Added tags: en-US, has image

  • Yuri Diogenes [MSFT] edited Revision 3. Comment: Adding more details section

  • Yuri Diogenes [MSFT] edited Original. Comment: remove extra ENTER

Page 1 of 1 (3 items)
Wikis - Comment List
Sort by: Published Date | Most Recent | Most Useful
Posting comments is temporarily disabled until 10:00am PST on Saturday, December 14th. Thank you for your patience.
Comments
  • Yuri Diogenes [MSFT] edited Original. Comment: remove extra ENTER

  • Yuri Diogenes [MSFT] edited Revision 3. Comment: Adding more details section

  • Carsten Siemens edited Revision 4. Comment: Added tags: en-US, has image

Page 1 of 1 (3 items)