Patch for SCCM

Certificate Overview

A code signing certificate is required when using Patch for SCCM with Configuration Manager and WSUS to publish third-party updates. In general, you must:

1.Create a code signing certificate.

You can do this using either an internal Certificate Authority (CA) or your WSUS server.

2.(Conditional) If you use an internal CA to create the code signing certificate, you must import the certificate into WSUS, which you can do using Patch for SCCM.

If you use WSUS to create the code signing certificate, the certificate will be automatically imported into WSUS.

3.Export the certificate.

4.Distribute the code signing certificate to the appropriate certificate stores on all your WSUS servers, your remote SCCM consoles and to your client machines.

Trusted Publishers certificate store

Trusted Root Certificate Authorities certificate store

This section provides details on how to accomplish each of these tasks.


Was this article useful?