Hi, I have a question or maybe an enhancement request about signing updates. We want to use WSUS on Server 2012 R2 to deliver third-party updates, but our security team don't like storing the signing cert on the publishing server and want us to have them sign updates for us (they are using an HSM to store the cert).
As far as I can tell, Package Publisher requires the signing cert to be installed locally, but it looks like the WSUS API supports importing an already signed update using the PublishSignedPackage method. Is there already a way to use this within Package Publisher, or could a feature be added to import packages that are already signed so the local signing cert is not used?