I am installing System Center Updates Publisher 2011 for our SCCM 2007 R2 system.
Our SCCM 2007 R2 system runs in mixed mode. We have a dedicated server for SUP/WSUS and OSD/PXE functions.
Shall I install SCUP 2011 on the dedicated server? I have installed it on my Windows 7 computer. What is the best practice configuration? SCUP should be equivalent WSUS role for Microsoft Partners software updates. Am I right? In this case, I should install SCUP on the SUP/WSUS server in my opinion.
We have used the SUP/WSUS to apply Microsoft updates without any problems so far.
When I am investigating the certificate requirement for SCUP 2011 code signing, I have found out that our SUP/WSUS server has some self-signed certificates for SMS and WSUS.
All our SCCM 2007 servers except one have self-signed SMS Encryption Certificate and SMS Signing Certificate - those certificates are issued to SMS by SMS. The SUP/WSUS server also has an extra self-signed certificate WSUS Publishers Self-signed for code signing.
We do have our own Microsoft Active Directory Certificate Services internal PKI service which has been trusted by our AD domain. Therefore, I would like to use an certificate from the PKI service for SCUP 2011 server such that all our SCCM 2007 clients will trust the certificate for non Microsoft software updates.
What should I do re the self-signed SMS or WSUS certificates on the SUP/WSUS server?
I just want to add SCUP to our SCCM 2007 system without causing problems to Microsoft updates deployment via SUP/WSUS.