Skip to content

Commit ba2f33c

Browse files
mestewmestew
committed
2111-certpinningcmg-12590425
1 parent 448c8af commit ba2f33c

1 file changed

Lines changed: 4 additions & 3 deletions

File tree

memdocs/configmgr/sum/get-started/software-update-point-ssl.md

Lines changed: 4 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -5,7 +5,7 @@ description: Tutorial - Configure Windows Server Update Services (WSUS) servers
55
author: mestew
66
ms.author: mstewart
77
manager: dougeby
8-
ms.date: 04/05/2021
8+
ms.date: 01/14/2022
99
ms.topic: tutorial
1010
ms.prod: configuration-manager
1111
ms.technology: configmgr-sum
@@ -291,7 +291,8 @@ Starting in Configuration Manager 2103, you can further increase the security of
291291
- Add the certificates for your WSUS servers to the new `WindowsServerUpdateServices` certificate store on your clients
292292

293293
> [!Note]
294-
> Software update scans for devices will continue to run successfully using the default value of **Yes** for the **Enforce TLS certificate pinning for Windows Update client for detecting updates** client setting. This includes scans over both HTTP and HTTPS. The certificate pinning doesn't take effect until a certificate is in the client's `WindowsServerUpdateServices` store and the WSUS server is configured to use TLS/SSL.
294+
> - Software update scans for devices will continue to run successfully using the default value of **Yes** for the **Enforce TLS certificate pinning for Windows Update client for detecting updates** client setting. This includes scans over both HTTP and HTTPS. The certificate pinning doesn't take effect until a certificate is in the client's `WindowsServerUpdateServices` store and the WSUS server is configured to use TLS/SSL.
295+
> - When using certificate pinning with a cloud management gateway (CMG), the `WindowsServerUpdateServices` store needs the CMG certificate. If clients switch from internet to VPN both the CMG and WSUS server certificates are needed in the `WindowsServerUpdateServices` store. <!--12590425-->
295296
296297

297298
### Enable or disable TLS certificate pinning for devices scanning HTTPS-configured WSUS servers
@@ -306,4 +307,4 @@ Starting in Configuration Manager 2103, you can further increase the security of
306307

307308
## Next steps
308309

309-
[Deploy software updates](../deploy-use/deploy-software-updates.md)
310+
[Deploy software updates](../deploy-use/deploy-software-updates.md)

0 commit comments

Comments
 (0)