Hi,
Firstly, thanks Niall and all the contributors for this great website, it's been a really useful resource over the years.
The Primary Site server has a DP, MP and SUP role which are set to Intranet client only using HTTP.
I'm looking at setting up a Remote Site System in the DMZ for management of Internet-Based clients.
Both servers are running Windows Server 2012 R2.
I've duplicated the certificate templates based on the Technet Step-by-Step guide and have enrolled them. (I left the Subject blank, and entered both the Intranet and Internet FQDN, despite this server only expecting to manage Internet-Clients).
The Site System Properties have been configured with both the server's Intranet FQDN and Internet FQDN (which has been registered in Public DNS).
The Default website has the Web Server certificate bound to port 443.
The MP and DP roles have been installed and set to 'Allow Internet-Only Connections', and although I haven't had a chance to test with a client yet, judging by the logs they appear to be working as expected.
Despite this, I have some questions over configuring WSUS and the SUP for SSL.
Would someone be able to clarify the following, as the information I've found in various blogs and on Technet is useful but seems inconsistent:
I understand that I can use the same Web Server certificate which is bound to Default Website on the WSUS Administration website (on port 8531), but when requesting the Web Server certificate and entering the "More information is required to enroll for this certificate", should Subject have been populated with the Internal Server FQDN, the Internet FQDN or left blank?
If the SUP will only be servicing Internet Clients, what needed to go in the Alternative Name? Only Internet FQDN, or Internet FQDN and Intranet FQDN?
Given that the Internet FQDN and Intranet FQDN are different, when running the WSUSUTIL CONFIGURESSL command, should internal or external FQDN be entered?
Thanks.