How to Setup SSRS to Use HTTPS – Part 2

This blog post is a continuation from last week’s post where I left off after showing you how to prepare SQL Server Reporting Services (SSRS) for the server (website) certificate. In this post, Part 2, I show you how to complete the process of setting-up SSRS to use HTTPS.

If you recall, in Part 1, I covered all of the steps needed to request the server certificate for use with SSRS and showed you how to setup SSRS to use the Network Service account. Next, in this post, I show you how to setup SSRS to use the server certificate for HTTPS, test the SSRS website and then I tell you how to clean-up the SSRS site if you get an “OLD” folder.

The overall process is as follows:

· Install the IIS Management Console.

· Import the server certificate from your domain certificate authority.

· Prepare SSRS for the server certificate

· Setup SSRS to use the server certificate.

· Test the SSRS website.

· Clean-up.

Setup SSRS to Use HTTPS Prerequisites

In order to put together this step-by-step guide, I created a new virtual machine (VM) {cm-rps-cb1} and then installed SQL Server 2017 (How to Install SQL Server 2017). Next, I installed SSRS itself (How to Install SQL Server Reporting Services 2017) and then finally, I installed the SCCM Reporting Services Point (How to Install a SCCM Reporting Services Point). Long ago, I setup a domain certificate authority in my domain, so you should have done the same too. This is my starting point.

Before continuing, make sure that you review and complete the steps within the first blog post, How to Setup SSRS to Use HTTPS – Part 1.

Setup SSRS to Use the Server Certificate

SSRS to Use HTTPS - Web Service URL Node

Open Report Server Configuration Manager and select the Web Service URL node.

SSRS to Use HTTPS - HTTPS Certificate Drop-Down

In the HTTPS Certificate drop-down, select the friendly name of the certificate that you created earlier.

SSRS to Use HTTPS - Apply Button

Click on the Apply button and wait for the results to complete. This might take several minutes.

SSRS to Use HTTPS - Warning Message

Warning Message:

The specified url was unexpectedly reserved. The previous reservation has been overridden.
The specified url may have been reserved by another product.

If you receive this warning message, click OK to continue. I found that this warning message does not cause any issues. I recommend, however, testing the URL to confirm that it works correctly. I cover how to do that in the next section.

SSRS to Use HTTPS - Web Portal URL

Click on the Web Portal URL node. Next, click Advanced.

SSRS to Use HTTPS - Multiple HTTPS Identities

Under the Multiple HTTPS Identities for the currently Reporting Services feature, click on the Add button.

SSRS to Use HTTPS - Certificate Drop-Down

Select the Certificate drop-down and choose the friendly name of the certificate that you created earlier. If you want (All IPv6) addresses too, select that from the IP Address drop-down.

Click OK.

SSRS to Use HTTPS - OK Button

Click OK.

SSRS to Use HTTPS - Results Window

Wait for the Results window to say: The task completed successfully.

Make note of the HTTPS URL above. You will need to remember it when you go to test the SSRS website in the next section.

Test the SSRS Website

SSRS to Use HTTPS - Report Server Web Service URLs

Back on the Web Service URL node, click on the HTTPS URL listed in the Report Server Web Service URLs section. In my case, it is https://cm-rps-cb1/ReportServer.

SSRS to Use HTTPS - ReportServer URL

This action launches a browser and connects to the ReportServer URL. A successful install looks similar to the one above.

If you see ConfigMgr_<site code>.OLD.* this means that the SCCM Reporting Point was active during the update to HTTPS, so this folder can be deleted. Details about how to delete the folder are covered a bit later on in this blog post.

SSRS to Use HTTPS - Reports

Next, add the text, “Reports,” to the end of the URL and hit Enter in order to continue. This URL should match the URL that you noted previously in the Web Portal URL section. In my case it is: https://cm-rps-cb1/Reports.

SSRS to Use HTTPS - SSRS Site

A successful site looks similar to the image above.

Using the same URL, https://cm-rps-cb1/Reports, browse to the HTTPS site from a remote computer. This test should also be successful, but if not, check your firewall ports. If you need additional help, check out my post, Why Can’t I Access My SSRS Site Remotely? It is written for HTTP, but the steps still apply for HTTPS, except instead of using port 80, use 443. Everything else in that blog post is the same for HTTPS.

With that last step successfully completed, SSRS is leveraging HTTPS.

Clean-up: How to Delete ConfigMgr_<site code>.OLD.*

Initially, I was going to show you how, in this post, to clean-up the “OLD” folder. Lo and behold, I found out that I already published a post, not too long ago, on how to do that! Please check out, “How to Delete SSRS Reports and Folders,” for more details.

Lastly, I would like to thank Niall Brady for giving me the excuse to write this blog post. If you have any questions about how to setup SSRS to use HTTPS, please feel free to touch base with me @GarthMJ.

Showing 8 comments
  • Karl Schantz
    Reply

    Hi. Thanks for the article. I’ve been through this process several times but I’ve got a question concerning the http address that remains in the configuration file. I’ve noticed that you can still connect to the report manager site insecurely because the URL reservation still exists on the server. So, after creating the URL binding to the SSL Certificate, and you have the https URL created, should you remove the default http URL in Reporting Services Configuration Manager? It makes sense to me but I can’t find any documentation to back it up and I don’t want to recommend doing this on a production server and risk downtime.

    • Garth Jones (Admin)
      Reply

      I’m embarrassed to say that I didn’t notice that. I’m glad that VM is still up and running! I will add it to my list of thing to look at! With any luck I will get to it before monday! feel free to contact me via our contact page.

  • Eigh
    Reply

    Hello Garth,

    This is a great post! I was able to utilize SSRS thanks to this! But I encountered a problem just recently when using a wildcard ssl certificate as the https certificate. It appears that I am still able to access the default url (https://servername:443/ReportServer) but when trying to use something like https://servername.myurl.com:443/ReportServer , it won’t let me. As far as I know, there is no current way to just directly do this with just using the report server configuration manager as there is a need to tinker the rsreportserver config file and a need to manually add/remove URL reservations… Having said that, may I know if you have a guide on how to properly set up the SSRS ReportServer and Reports using a wildcard ssl certificate? Thanks!

    • Garth Jones (Admin)
      Reply

      Where exactly did you get the wildcard cert from? What error do you get when you made SSRS use the FQDN? In the Wildcard cert is there and alternate common name set up?

      • Eigh
        Reply

        Hi Garth,

        The certificate was issued by Entrust Certification Authority – L1K. This is something that I have exported from one of our servers to be used in another server where my SSRS reports are and has been imported to Personal Certificates. I have exported it in pfx format. And yes, the Wildcard cert has the Subject Alternative Name functionality. The error I am encountering is that the page can’t be displayed or the browser cannot connect to the FQDN. It doesn’t even seem to see the url that I was adding in http.sys or at least my guess is that it’s not binding correctly.

        • Garth Jones (Admin)
          Reply

          Check to see if you have a proxy in place and if it is bypassing local domains.

  • Eigh
    Reply

    Okay, it seems I made some mixed ups on the FQDN and hostnames… just to clear things up, so using the serverName/ReportServer or the FQDN serverName.subdomain.domain.com/ReportServer works For the wildcard certificate, it is using *.domain.com. So I am guessing it is the host headers that I am not configuring properly.

Leave a Comment

Gifts
Share via
Copy link