How to apply SSL certs to NetSUS?

SlidewaysF30
New Contributor III

How does one apply SSL certs to a NetSUS box? I am not quite sure where to install them so I wanted to see if anyone had a step-by-step or documentation on how to do this?

Thanks in advance!

6 REPLIES 6

ThijsX
Valued Contributor
Valued Contributor

Hi,

You can go to Settings -> System -> Certificates
Here you can create a CSR or you can manually insert a certificate under the pane "modify certificates"

Ensure you insert the full chain of certificates so root / sub and so on.

Cheers,
Thijs.

nkuhl30
Contributor

Just out of curiosity, what are you using NetSUS for?

SlidewaysF30
New Contributor III

Thanks @txhaflaire ! I was thinking we can apply the certs from terminal but I guess it has to be done through the GUI?

@nkuhl30 We are using NetSUS to control/limit the Apple Software updates we release to our production endpoints.

ThijsX
Valued Contributor
Valued Contributor

@SlidewaysF30 Exactly through GUI.

ecb3e25e8ff145158ea6c74a81f6dae3

SlidewaysF30
New Contributor III

So I think I am running into a bigger issue here....When I try to apply the certs, I get "Invalid Private Key"...What I found out is that when the CSR was created, it was done through the backend with openssl. Does the CSR need to be created through the NetSUS GUI in order for the certs to apply?

I have four files that I was given by our Network team, who handles obtaining certs, and they are as follows: ServerCertificate.crt, ChainBundle.crt, .pem, and .csr.

I placed the .pem file contents in the "Private Key" field. The ServerCertificate.crt file contents were placed in the "Certificate field" and the ChainBundle.crt file contents were placed in the "CA Bundle" field.

SlidewaysF30
New Contributor III

Turns out that the private key was in the wrong format that NetSUS accepts, so converting it from .pem to .key was the solution.

I am however experiencing issues with our devices not being able to see updates from the SUS. I built it identical to our old NetSUS server but for some reason every computer that checks in for updates comes back with "0 updates found". If I switch it to Apple's server or our old NetSUS, it can see the updates just fine. Any ideas as to what may be preventing the updates from being found?