Unable to create self-signed certificates on Windows Server 2012 R2

KB 1006: Unable to create self-signed certificates on Windows Server 2012 R2


Windows Server Update Services (WSUS) cannot create self-signed certificates for Patch Manager packages.


  • WSUS on Microsoft® Windows Server® 2012 R2 or later

Microsoft® has restricted to create self-singed certificates by applying new updates.


Perform the following procedure:

  1. Open Run window, type regedit and press Enter.
  2. Browse to Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Update Services\Server\Setup.
  3. Right click, select New --> DWORD (32-bit) value).
  4. Name it EnableSelfSignedCertificates (make sure you have the same name typed).
  5. Modify the value to 1.
  6. Try to create self-signed certificate, it should work now.
Note: Once done, its recommended to change the value back to 0.

Disclaimer: Please note, any content posted herein is provided as a suggestion or recommendation to you for your internal use. This is not part of the emt software or documentation that you purchased from emt, and the information set forth herein may come from third parties. Your organization should internally review and assess to what extent, if any, such custom scripts or recommendations will be incorporated into your environment.  You elect to use third party content at your own risk, and you will be solely responsible for the incorporation of the same, if any.