Infractal 2 Posted July 8, 2014 Share Posted July 8, 2014 After the update to the windows update agent on Windows 7 (possible 8/8.1 as well) I am not longer able to pull and install updates from Microsoft over WU when SSL inspection is enabled. The connection fails citing a certificate error. I assume MS is tightening up their update agent and pinning a cert to it, so when it sees the ESET cert sitting in the middle for traffic inspection it kills the connection without pulling updates. I disabled SSL inspection and things started working correctly again, but I assume there is a list of URLs used by the Windows Update agent that I can exclude from SSL inspection to give a better workaround? Link to comment Share on other sites More sharing options...
Arakasi 549 Posted July 8, 2014 Share Posted July 8, 2014 (edited) If you manually go through the motions to add or re-add the cert to the Trusted Root Certificate Authority in windows, does it make a difference ? On a side note, are you using a local wu server or were you referring to windows servers the whole time ? Edited July 8, 2014 by Arakasi Link to comment Share on other sites More sharing options...
Infractal 2 Posted July 8, 2014 Author Share Posted July 8, 2014 This is pulling directly from Microsoft's update servers. I haven't seen a problem with contacting internal WSUS servers over HTTPS but I would assume Microsoft is being much more permissive there since an internal WSUS deployment could be using any certificate, where as the ones hosted on Microsoft.com can be pinned. This is for the Windows 7 Windows Update Agent 7.6.7600.256 that was released around July 1st/2nd. When you say re-add the cert, do you mean the ESET one that it uses for SSL inspection or the one on Microsoft's end? Link to comment Share on other sites More sharing options...
ESET Insiders glugy 32 Posted July 8, 2014 ESET Insiders Share Posted July 8, 2014 ssl not work with origin fifa14/fut14 please resolve,Trusted Root Certificate,but not work! Link to comment Share on other sites More sharing options...
Arakasi 549 Posted July 8, 2014 Share Posted July 8, 2014 (edited) This is pulling directly from Microsoft's update servers. I haven't seen a problem with contacting internal WSUS servers over HTTPS but I would assume Microsoft is being much more permissive there since an internal WSUS deployment could be using any certificate, where as the ones hosted on Microsoft.com can be pinned. This is for the Windows 7 Windows Update Agent 7.6.7600.256 that was released around July 1st/2nd. When you say re-add the cert, do you mean the ESET one that it uses for SSL inspection or the one on Microsoft's end? Yes. Run > mmc > Add snapin > certificates > computer account > local computer > trusted root certs > import. the eset cert exported from the product. stop and restart wu service > try updates again . Edited July 8, 2014 by Arakasi Link to comment Share on other sites More sharing options...
Recommended Posts