Wikis - Page Details

First published by Yuri Diogenes [MSFT] (cMicrosof)
When: 14 Dec 2011 1:23 PM
Last revision by Carsten Siemens (eMicrosoft Partne)
When: 23 Aug 2013 2:32 PM
Revisions: 6
Comments: 3

Options

Can You Improve This Article?

Positively! Click Sign In to add the tip, solution, correction or comment that will help other users.

Report inappropriate content using these instructions.

WSUS Supportability Statement on HTTPS Inspection

Scenario

The implementation of HTTPS Inspection to inspect the traffic between Microsoft Update and a WSUS server as shown below is not supported:

More information about this Scenario

For more information on how HTTPS Inspection works on Forefront TMG 2010 read the article below:
http://technet.microsoft.com/en-us/magazine/ff472472.aspx

Supportability Statement

By allowing WSUS to accept another certificate that the actual Microsoft certificate for Microsoft Update, would not allow WSUS to be confident that the metadata actually comes from Microsoft Update. Therefore, this scenario is not supported.

More Details

WSUS uses HTTPS only for the transmission of update metadata between WU/MU and the WSUS server. This metadata has no executable content. All update content is transferred over HTTP and is validated with signature checks.