Easy2Patch v4.0
Easy2Patch v4.0
  • Infrastructure Documents
  • Overview
    • What is Easy2Patch?
    • Request a new 3rd Party Applications
    • FAQs
    • Road Map
    • Release Notes
    • Version Compare
    • Licensing
  • Planning
    • POC Requirements for Easy2Patch 3.1
    • POC Requirements for Easy2Patch 4.0 Web Edition
    • Supported Configurations
    • Windows Operating System Requirements
    • SQL Server Requirements
    • Other Requirements
    • Network Considerations
    • Antivirus Exclusion List for Easy2PatchV3
    • Design
      • Update & Application & Intune (Server Deployment)
      • Standalone WSUS Deployment
      • Standalone Intune Deployment
  • Deployment
    • Installing WSUS Console
    • Installing SCCM Admin Console
    • Installing IIS Component for Easy2Patch 4.0
    • Configuring Intune Application Registration
    • Getting Code-Signing Certificate
    • Installing Easy2Patch 3.1
      • Upgrading to Easy2Patch 3.1.10
      • Licensing Easy2Patch 3.1
    • Installing Easy2Patch 4.0
      • Upgrading Easy2Patch 4.0
      • Easy2Patch Backup & Restore
      • Licensing Easy2Patch 4.0
  • Configuring
    • SSL Configuration in WSUS for 3rd Party Update
    • Configuring ConfigMgr for 3rd Party Updates
    • Easy2Patch 3.1 Settings
      • General
        • Certificate Management
        • Backup Settings
          • Restore Easy2Patch 3.x
        • General Settings
        • Application Deployment
        • Intune Deployment
        • Maintenance
      • Notification
        • E-Mail
        • Telegram
          • Creating a Telegram Bot
          • Telegram Chat ID
      • SCCM / WSUS / INTUNE
        • WSUS Settings
        • SCCM Settings
        • Database Settings
        • Intune Settings
      • Proxy
    • Easy2Patch 4.0 Settings
      • Migrate from Easy2Patch 3.x
      • General Settings
        • General
        • Identity
          • Active Directory
          • EntraID
            • Required Permissions for EntraID
        • Proxy
        • Log
        • Maintenance
        • Login
      • Deployment Settings
        • Process Conflict
        • Update
        • Application Deployment
        • Intune Deployment
        • Defender
      • Connection Settings
        • Database
        • SCCM
        • WSUS
        • Intune
      • Managements
        • Role
        • License
        • Certificate Management
      • Alert Settings
        • Notification
          • E-Mail
          • Telegram
            • Creating a Telegram Bot
            • Telegram Chat ID
            • Telegram Setting
        • Alerts
        • Recipients
  • Managing Easy2Patch
    • Easy2Patch 3.1
      • Update
      • Application Deployment
      • Intune Update
      • Intune Application
      • License Management
    • Easy2Patch 4.0
      • Dashboard
        • WSUS
        • SCCM
        • Intune
      • Update
        • Application Custom Settings
        • WSUS Maintenance
        • Side Menu
      • Application
        • Application Deployment Right Click Menu
        • Application Custom Settings
        • SCCM Maintenance
        • Side Menu
      • Intune Update
        • Intune Update Right Click Menu
        • Application Custom Settings
        • Intune Maintenance
        • Side Menu
      • Intune Application
        • Intune Application Right Click Menu
        • Application Custom Settings
        • Intune Maintenance
        • Side Menu
      • CVE List
      • Schedule
      • Reporting
        • Update Status
  • Troubleshooting
    • Schema files not found!
    • Failed to sign package
    • Fixing 500.19 web.config error
    • Securing Windows Server
Powered by GitBook
On this page

Was this helpful?

  1. Configuring
  2. Easy2Patch 4.0 Settings
  3. Managements

Certificate Management

Scope: Easy2Patch (All versions)

PreviousLicenseNextAlert Settings

Last updated 4 months ago

Was this helpful?

Certificate Management

  1. The certificate management screen is opened by going to Settings > General > Certificate Management.

  2. Certificates with a wildcard (*) from the Selected Certificate list are eligible certificates. This certificate is the certificate obtained in the Code signing certificate generation step.

  3. Another method of selecting the code signing certificate, if the PFX version of the certificate is available, click the Import Certificate button.

  4. On the Open screen, the certificate with the PFX extension is selected and opened,

  5. Enter the password of the PFX certificate in the pop-up window and click OK.

Code Signing certificate imported with one of these 2 methods will be the certificate that WSUS software will use. Valid is written in the Certificate Status field, and the validity period of the certificate is written in the Expiration Date field. These areas are shown in green.

Timestamp Server

A timestamp server, also known as a time-stamping authority (TSA), is a trusted third-party service that provides a digital timestamp to a document, file, or message.

A digital timestamp is a cryptographic hash of the data that is encrypted with a private key owned by the timestamp server. This encrypted hash is then attached to the original data, allowing anyone who has the public key of the timestamp server to verify that the data existed at a specific point in time and has not been altered since then.

The purpose of a timestamp server is to provide a way to prove the integrity and authenticity of electronic records and documents over time, even if the original digital signatures or certificates expire or become invalid. This is especially important in industries such as finance, legal, and healthcare, where records must be kept for long periods of time and need to be verifiable.

Timestamp servers are typically used in conjunction with digital signature software, where a user signs a document using their private key and the timestamp server provides a digital timestamp to the signed document. This ensures that the document was signed at a specific point in time and has not been altered since then.

A desired timestamp server is selected from the Timestamp Server URL list. It is important that this address is accessible. It can be understood that it is accessible by pressing the ping button. Attention, the addresses shown here may not be page addresses that can be opened via browsers. They are services that run over TCP 80 and TCP 443.

The computer with SCCM Site Server, WSUS and Easy2Patch installed must have access to the selected timestamp address.

Import Certificate : It is used to import Code-Signing certificate with PFX extension. You need the password of the certificate when importing the PFX file. After the certificate is imported, the configuration must be saved by clicking the save button.

Generate Self-Signed: It is used to manually generate the required Code-Signing certificate for WSUS. This certificate needs to be distributed to all client systems manually or via GPO. You can export the certificate with the Export Certificate button. After the certificate is generated, the configuration must be saved by clicking the save button.

Export Certificate : It is used to export the selected and loaded certificate for Code-Signing for backup purposes. When exporting the certificate, a password must be specified as it will be exported together with the private key. It is important that this password is not forgotten. You will need this password during the import process.

You can any Timestamp server from the list and then click save button. The connection test to the timestamp server can be done with the ping button . Its important that the timestamp server address looks like a web address but a web page may not be published here. Timestamp server is a service that broadcasts on TCP ports 80 or 443.