I have two Windows 2003 servers: one is an Exchange 2003 server and the other is a Domain Controller. The Exchange server is also running WSUS. All clients are Windows XP and 2000. All computers on the network are running behind my router/firewall in a private IP address range. I only have one public IP address, which is configured on my router along with my ISP's DNS servers.
I had to open port 80 to get OWA to work. I want to install an SSL certificate to lock down Exchange. I opened port 443 on my router. I purchased a certificate. Once the certificate is installed and working, I plan to close port 80. I would also like to secure WSUS using the same certificate, if possible. My priority is closing port 80 and keeping OWA working.
My problem is in IIS: both Exchange and WSUS are using the default web site. I found the following information in an ebook about WSUS:
You cannot set up the entire WSUS Web site to require SSL. This would mean that all traffic to the WSUS site would have to be encrypted, but WSUS encrypts only update metadata. If a client computer or another WSUS server attempts to get update files from WSUS on the HTTPS port, the transfer will fail.
I made this discovery while attempting to generate a CSR for the web site. How can I make this work? Will WSUS need to be set up on a different web site?