Manage the private keys of a certificate

The XProtect Update Manager service runs as the Network Service account. To make sure the communication between the different elements is encrypted, you must allow the service account to use the private key of the certificate.

After you have imported the SSL certificate to the private store on the local computer:

On the update server host, start Manage computer certificates and go to the certificates in the Personal store.
Right-click the certificate and select All Tasks > Manage Private Keys.
Add read permission for the Network service account.