The implementation of HTTPS Inspection to inspect the traffic between Microsoft Update and a WSUS server as shown below is not supported:
For more information on how HTTPS Inspection works on Forefront TMG 2010 read the article below: http://technet.microsoft.com/en-us/magazine/ff472472.aspx
By allowing WSUS to accept another certificate that the actual Microsoft certificate for Microsoft Update, would not allow WSUS to be confident that the metadata actually comes from Microsoft Update. Therefore, this scenario is not supported.
WSUS uses HTTPS only for the transmission of update metadata between WU/MU and the WSUS server. This metadata has no executable content. All update content is transferred over HTTP and is validated with signature checks.
Carsten Siemens edited Revision 4. Comment: Added tags: en-US, has image
Yuri Diogenes [MSFT] edited Revision 3. Comment: Adding more details section
Yuri Diogenes [MSFT] edited Original. Comment: remove extra ENTER