Learn how to troubleshoot and apply SSL in SSRS
Here at Fpweb.net, we receive requests to create or renew SSL Certificates for SharePoint sites on almost a daily basis.
In my experience, this has always been one of the simpler, more straightforward services we provide for our customers. I recently completed a request for an SSL renewal and, upon checking the site’s certificate, found that the old cert was still being used.
I’ve generated and completed numerous SSL requests for SharePoint Server 2013 sites without encountering this, so I was a bit baffled.
After retracing my steps and ensuring no mistakes had been made, I was still at a loss… until I realized that SQL Server Reporting Services was installed and running on the server. Fpweb.net hosts many unique environments, but also many that are very similar. Months of performing this task on similar environments, repeating the exact same steps, led to this oversight. Now, aware of SSRS, I could proceed… though, that didn’t go as smoothly as I hoped. Let me explain:
I’ll illustrate the steps I took to update the SSL Certificate in SSRS, the issues I experienced while doing so, and what was done to solve the problem in order to make your life a lot easier when you encounter this. These instructions assume that the certificate request has been completed in IIS and that report server database has already been created and configured.
When IIS and SSRS are running on the same computer the W3SVC (World Wide Web service) in IIS needs to be running. This should be running to begin with, but you can double check by right clicking the name of your server in the connections pane of IIS and looking to see if it has been stopped.
The next step is to open the Reporting Services Configuration Manager and connect to the server.
Now select ‘Web Service URL’ from the list on the left hand side. Use the ‘SSL Certificate’ drop down menu to select the desired certificate and hit apply. The URL listed at the bottom can then be used to check that the site is now using the updated certificate.
Unfortunately, when I went to select the new SLL Certificate from the menu, it wasn’t listed. If this happens, navigate back to the ‘Report Server Status’ page by clicking on the name of the server in the ‘Connect’ pane. Stop then restart the service. This will refresh the list of certificates in the ‘Web Service URL’ page and allow you to apply the new SSL.
After restarting the service, the SSL that I wanted to use appeared in the list so I selected and applied it… only to receive an error message!
This message claimed that a binding already exists for the IP address and port combination. Luckily, the message also told me how to fix the issue: remove the binding and create a new one.
You can use the Command Prompt command netsh http show sslcert to view the binding:
This can be cleared out using a similar Command Prompt command: netsh http delete sslcert ipport=[::]:443 (if that does not work, simply replace “[::]:443 with your IP:port combination). Once this is completed, return back to ‘Web Service URL’ in the Reporting Services Configuration Manager and recreate the bindings with the correct SSL.
Once I had taken the above steps, I decided to go ahead and delete and recreate the bindings in ‘Report Manager URL’. You can do so by selecting ‘Report Manager URL’ and click on ‘Advanced’. This will bring up the ‘Advanced Multiple Web Site Configuration’ window which allows you to configure and edit multiple identities for Report Manager.
In this new window, I simply removed each binding and then added them back, making sure to select the proper certificate for port 443. Once this was completed, I went ahead and restarted the Report Service to ensure all of my changes were registering. Feeling confident (ok, just really hoping) that all of the bindings had truly been updated to reflect the new SSL Certificate, I navigated to the site and… it was updated!
I’ll admit that it was a bit frustrating that the normally quick and simple task of renewing and applying an SSL Certificate turned out to be not so simple. I’ll also admit that it turned out to be a great experience to learn about programs and procedures I had never encountered before. I hope it helps you!