Creating a certificate from a trusted CA offers a couple of advantages:
- Distribution: Eliminates the need to distribute the certificate to other machines in the same domain.
- Management: Simplifies management because the certificate can be managed the same way as other certificates in your environment.
Follow your normal process for creating a certificate from your internal CA. After you have created the certificate you must write it to the WSUS server. You can do this using the Import Certificate feature in Patch for Configuration Manager. See the section titled Importing a Certificate for more details.