Chian - You will need a code signing cert for SCUP/WSUS to use when signing the updates. The clients need to trust that certificate. If you use a self-signed certificate, the clients won't trust it until you distribute it to the Trust Root Certificate Authority and Trusted Publisher certificate stores. If you use PKI, the cert issuer is already trusted, so it only needs to be distributed to the Trusted Publisher certificate store.
Read the article I sent you a link to<http://myitforum.com/myitforumwp/2012/08/20/a-better-guide-to-setting-up-scup-with-a-microsoft-pki/>, and the walk through that they reference<https://mikeshellenberger.wordpress.com/2010/09/02/system-center-updates-publisher-microsoft-pki/>. You can distribute the certificate with Group Policy or by adding the certificate registry key with ConfigMgr. From: [email protected] [mailto:[email protected]] On Behalf Of Daniel Ratliff Sent: Wednesday, November 4, 2015 7:26 AM To: [email protected] Subject: RE: [mssms] SCUP Nope, its all clients you want to deploy SCUP patches to. Daniel Ratliff From: [email protected]<mailto:[email protected]> [mailto:[email protected]] On Behalf Of Heaton, Joseph@Wildlife Sent: Wednesday, November 04, 2015 10:22 AM To: '[email protected]' Subject: RE: [mssms] SCUP When you say deploy to clients, you're not talking the entire environment, right? This is just for the box where you have SCUP installed? From: [email protected]<mailto:[email protected]> [mailto:[email protected]] On Behalf Of Jason Wallace Sent: Tuesday, November 03, 2015 11:33 PM To: [email protected]<mailto:[email protected]> Subject: RE: [mssms] SCUP This is a code signing certificate. You will need to create a new one and deploy it to clients per the documentation From: [email protected]<mailto:[email protected]> [mailto:[email protected]] On Behalf Of Chian, Richard R Sent: 03 November 2015 23:08 To: [email protected]<mailto:[email protected]> Subject: [mssms] SCUP My current environment: Config Manager 2012 SP1 with internal PKI infrastructure, we want to implement SCUP and would like to know if we can use the current machine's client authentication cert used by CM, instead of having to create a new CERT for SCUP and having to deploy it all clients? Appreciate the responses. The information transmitted is intended only for the person or entity to which it is addressed and may contain CONFIDENTIAL material. If you receive this material/information in error, please contact the sender and delete or destroy the material/information.
