Use these procedures to publish software updates from the Publications workspace. To publish software updates, you must connect to a Windows Server Update Service (WSUS) server and specify a signing certificate before you can publish the software updates. (The Windows Server Update Service (WSUS) server is also referred to as the update server.) The first procedure describes what you have to do to connect to the WSUS server and specify a signing certificate. (Following that procedure is information that you need to know if Updates Publisher 2011 is installed on a computer running Windows 2008 Server R2.)The second procedure describes how to publish the software updates from the Publications workspace.
To connect to a WSUS server and specify a signing certificate
-
In the Updates Publisher 2011 console, click Updates. The workspace is displayed at the bottom of the navigation pane in the console.
-
Click Overview.
-
On the Overview page, click Configure WSUS and Signing Certificate.
Important Always publish to the top-level WSUS server in your Configuration Manager environment so that all child sites have access to the Updates Publisher 2011 updates that you publish. -
Select the Enable publishing to an update server check box for Updates Publisher 2011 to publish software updates.
-
Specify whether the software update server is local or remote.
- Click Connect to a local update server
if the software update server and the
Updates Publisher 2011 console are installed on the same
computer.
Important When a custom WSUS website is used for a local update server, and the website is configured to use an HTTP port other than HTTP port 80 or HTTP port 8530, you must select Connect to a remote update server, or the connection to the local update server fails. - Click Connect to a remote update
server if the update server and the
Updates Publisher 2011 console are not on the same
computer. Specify the following settings:
- Select the check box Use SSL when
communicating with the update server to use Secure Socket Layer
(SSL) when you connect to the update server. Use this setting only
when the update server is configured to use SSL.
- Specify the NetBIOS name of the updates
server in the Name box.
- Specify the port that you want to use when
you connect to the update server in the Port box. Use the
HTTP port number if SSL is not used, and use the HTTPS port number
if the check box Use SSL when communicating with the update
server is selected. The default HTTP port is 80, and the
default HTTPS port is 443. Check the update server configuration to
verify which port you should use.
- Select the check box Use SSL when
communicating with the update server to use Secure Socket Layer
(SSL) when you connect to the update server. Use this setting only
when the update server is configured to use SSL.
- Click Connect to a local update server
if the software update server and the
Updates Publisher 2011 console are installed on the same
computer.
-
Click Test Connection to validate that the update server name and port settings are valid. A message appears that indicates whether the connection succeeded or failed. If the connection failed, verify the server name, port settings, and that the update server is accessible, and then test the connection again.
-
If a digital certificate is not detected for the update server, specify a certificate by clicking one the following buttons:
- Browse: Opens a Browse dialog
box in which you select the certificate file. This option is
available only when Updates Publisher is local to the update server
or when you used SSL to connect to a remote update server. Select
the certificate, and then click Create to add the
certificate to the WSUS certificate store on the update server.
- Create: Creates a new certificate, or
uses the certificate that you specified by using Browse, and
adds the certificate to the WSUS certificate store on the update
server. Enter the .pfx file password for certificates that you
selected by using Browse.
- Remove: Removes the certificate from
the WSUS certificate store on the update server. This option is
available only when Updates Publisher 2011 is local to
the update server or when you used SSL to connect to a remote
update server.
Updates Publisher 2011 uses the certificate that is specified here to sign the software updates that are published to the update server. Publishing to the update server fails if the digital certificate specified is not copied to the appropriate certificate stores on the update server, and on the computer running Updates Publisher 2011 if it is remote from the update server. For more information about adding the certificate to the certificate store on the update server, see Managing Security for System Center Updates Publisher 2011.
- Browse: Opens a Browse dialog
box in which you select the certificate file. This option is
available only when Updates Publisher is local to the update server
or when you used SSL to connect to a remote update server. Select
the certificate, and then click Create to add the
certificate to the WSUS certificate store on the update server.
Important |
---|
If Updates Publisher 2011 is installed on a computer
running Windows 2008 Server R2, the following requirements must be
met:
|
To publish software updates
-
In the Updates Publisher 2011 console, click Publications. The workspace is displayed at the bottom of the navigation pane in the console.
-
Select the publication that you want to publish, and then on the Home tab, click Publish. For information about creating a publication, see How to Create a Publication.
Important Software updates that are published as metadata only cannot be used to deploy software packages. Metadata-only publications can be used only for scanning purposes. -
If you have changed your signing certificate and you want to sign all your software updates with a new certificate, select the check box Sign all software updates again with a new publishing certificate when the software updates have not changed after the last time they were published.
-
Click Next.
-
On the Summary page, review the items to be published, and then click Next.
-
On the Confirmation page, review what was published, and then click Close to exit the wizard. Updates Publisher 2011 indicates which software updates were published, if the software update was published with full content or metadata only (software update bundles are always published as metadata only), if the software update was skipped, and if the software update failed to be published. Links to the Updates Publisher 2011 log file are provided if a software update was skipped or if it failed to publish.