You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
The URL "ctldl.windowsupdate.com" is essential for Windows Update because it is used to download the Certificate Trust List (CTL) which contains a list of certificates trusted by Windows for various purposes, including software updates. The CryptSvc service can add Third Party Roots downloaded from this URL to the authroot store, which is necessary for chain building using the Local Machine engine. This process ensures that the system trusts the updates coming from Windows Update.
[Enter feedback here]
We use Azure Firewall with Service Tag but we found an issue related to URL ctldl.windowsupdate.com which is missing and required from time to time
We add according to doc https://learn.microsoft.com/en-us/azure/virtual-network/service-tags-overview#available-service-tags
The URL "ctldl.windowsupdate.com" is essential for Windows Update because it is used to download the Certificate Trust List (CTL) which contains a list of certificates trusted by Windows for various purposes, including software updates. The CryptSvc service can add Third Party Roots downloaded from this URL to the authroot store, which is necessary for chain building using the Local Machine engine. This process ensures that the system trusts the updates coming from Windows Update.
Docs:
https://learn.microsoft.com/en-us/windows-server/administration/windows-server-update-services/deploy/2-configure-wsus#211-configure-your-firewall-to-allow-your-first-wsus-server-to-connect-to-microsoft-domains-on-the-internet
https://learn.microsoft.com/en-us/windows-server/identity/ad-cs/configure-trusted-roots-disallowed-certificates
Document Details
⚠ Do not edit this section. It is required for learn.microsoft.com ➟ GitHub issue linking.
The text was updated successfully, but these errors were encountered: