This blog post is a continuation from last week’s post where I left off after showing you how to prepare SQL Server Reporting Services (SSRS) for the server (website) certificate. In this post, Part 2, I show you how to complete the process of setting-up SSRS to use HTTPS.
If you recall, in Part 1, I covered all of the steps needed to request the server certificate for use with SSRS and showed you how to setup SSRS to use the Network Service account. Next, in this post, I show you how to setup SSRS to use the server certificate for HTTPS, test the SSRS website and then I tell you how to clean-up the SSRS site if you get an “OLD” folder.
The overall process is as follows:
· Install the IIS Management Console.
· Import the server certificate from your domain certificate authority.
· Prepare SSRS for the server certificate
· Setup SSRS to use the server certificate.
· Test the SSRS website.
· Clean-up.
Setup SSRS to Use HTTPS Prerequisites
In order to put together this step-by-step guide, I created a new virtual machine (VM) {cm-rps-cb1} and then installed SQL Server 2017 (How to Install SQL Server 2017). Next, I installed SSRS itself (How to Install SQL Server Reporting Services 2017) and then finally, I installed the SCCM Reporting Services Point (How to Install a SCCM Reporting Services Point). Long ago, I setup a domain certificate authority in my domain, so you should have done the same too. This is my starting point.
Before continuing, make sure that you review and complete the steps within the first blog post, How to Setup SSRS to Use HTTPS – Part 1.
Setup SSRS to Use the Server Certificate
Open Report Server Configuration Manager and select the Web Service URL node.
In the HTTPS Certificate drop-down, select the friendly name of the certificate that you created earlier.
Click on the Apply button and wait for the results to complete. This might take several minutes.
Warning Message:
The specified url was unexpectedly reserved. The previous reservation has been overridden.
The specified url may have been reserved by another product.
If you receive this warning message, click OK to continue. I found that this warning message does not cause any issues. I recommend, however, testing the URL to confirm that it works correctly. I cover how to do that in the next section.
Click on the Web Portal URL node. Next, click Advanced.
Under the Multiple HTTPS Identities for the currently Reporting Services feature, click on the Add button.
Select the Certificate drop-down and choose the friendly name of the certificate that you created earlier. If you want (All IPv6) addresses too, select that from the IP Address drop-down.
Click OK.
Click OK.
Wait for the Results window to say: The task completed successfully.
Make note of the HTTPS URL above. You will need to remember it when you go to test the SSRS website in the next section.
Test the SSRS Website
Back on the Web Service URL node, click on the HTTPS URL listed in the Report Server Web Service URLs section. In my case, it is https://cm-rps-cb1/ReportServer.
This action launches a browser and connects to the ReportServer URL. A successful install looks similar to the one above.
If you see ConfigMgr_<site code>.OLD.* this means that the SCCM Reporting Point was active during the update to HTTPS, so this folder can be deleted. Details about how to delete the folder are covered a bit later on in this blog post.
Next, add the text, “Reports,” to the end of the URL and hit Enter in order to continue. This URL should match the URL that you noted previously in the Web Portal URL section. In my case it is: https://cm-rps-cb1/Reports.
A successful site looks similar to the image above.
Using the same URL, https://cm-rps-cb1/Reports, browse to the HTTPS site from a remote computer. This test should also be successful, but if not, check your firewall ports. If you need additional help, check out my post, Why Can’t I Access My SSRS Site Remotely? It is written for HTTP, but the steps still apply for HTTPS, except instead of using port 80, use 443. Everything else in that blog post is the same for HTTPS.
With that last step successfully completed, SSRS is leveraging HTTPS.
Clean-up: How to Delete ConfigMgr_<site code>.OLD.*
Initially, I was going to show you how, in this post, to clean-up the “OLD” folder. Lo and behold, I found out that I already published a post, not too long ago, on how to do that! Please check out, “How to Delete SSRS Reports and Folders,” for more details.
Lastly, I would like to thank Niall Brady for giving me the excuse to write this blog post. If you have any questions about how to setup SSRS to use HTTPS, please feel free to touch base with me @GarthMJ.
Hi. Thanks for the article. I’ve been through this process several times but I’ve got a question concerning the http address that remains in the configuration file. I’ve noticed that you can still connect to the report manager site insecurely because the URL reservation still exists on the server. So, after creating the URL binding to the SSL Certificate, and you have the https URL created, should you remove the default http URL in Reporting Services Configuration Manager? It makes sense to me but I can’t find any documentation to back it up and I don’t want to recommend doing this on a production server and risk downtime.
I’m embarrassed to say that I didn’t notice that. I’m glad that VM is still up and running! I will add it to my list of thing to look at! With any luck I will get to it before monday! feel free to contact me via our contact page.
Hi, Thanks for this great article. As Karl stated, I have also went through this process couple of times and have the same question. I tried removing http url after creating https and seems like https url errors out if http is removed. Does it make sense or you faced similar issue?
It is on my list of things to go back and review. I just have not had a change to do it yet.
Hi Garth.
Regarding the comment of Karl Schantz on 29 July 2020 at 3:02 pm.
We have the same question.
Do you have any recommendations on that?
Thank you for a splendid guide.
I still haven’t gotten back to it but if you look closely all of my articles these days are on PKI and me re-setting up my environment. So it should be too much longer.
Hello Garth,
This is a great post! I was able to utilize SSRS thanks to this! But I encountered a problem just recently when using a wildcard ssl certificate as the https certificate. It appears that I am still able to access the default url (https://servername:443/ReportServer) but when trying to use something like https://servername.myurl.com:443/ReportServer , it won’t let me. As far as I know, there is no current way to just directly do this with just using the report server configuration manager as there is a need to tinker the rsreportserver config file and a need to manually add/remove URL reservations… Having said that, may I know if you have a guide on how to properly set up the SSRS ReportServer and Reports using a wildcard ssl certificate? Thanks!
Where exactly did you get the wildcard cert from? What error do you get when you made SSRS use the FQDN? In the Wildcard cert is there and alternate common name set up?
Hi Garth,
The certificate was issued by Entrust Certification Authority – L1K. This is something that I have exported from one of our servers to be used in another server where my SSRS reports are and has been imported to Personal Certificates. I have exported it in pfx format. And yes, the Wildcard cert has the Subject Alternative Name functionality. The error I am encountering is that the page can’t be displayed or the browser cannot connect to the FQDN. It doesn’t even seem to see the url that I was adding in http.sys or at least my guess is that it’s not binding correctly.
Check to see if you have a proxy in place and if it is bypassing local domains.
Hi Garth,
Sorry, got quite lost there. This is my first time setting this up using the wildcard cert. May I know if you were referring to the web service proxy? (https://docs.microsoft.com/en-us/sql/reporting-services/report-server-web-service/net-framework/creating-the-web-service-proxy?view=sql-server-ver15). Also, I was checking the DNS names configured in the server for the FQDN as I realized I did not set up any that matches the one in the wildcard cert. Do I need to add forward lookup zones (e.g. myserver.mydomain.com) to match the certificate domain (*.mydomain.com) so that it can be properly mapped using the Reporting Services config manager?
Okay, it seems I made some mixed ups on the FQDN and hostnames… just to clear things up, so using the serverName/ReportServer or the FQDN serverName.subdomain.domain.com/ReportServer works For the wildcard certificate, it is using *.domain.com. So I am guessing it is the host headers that I am not configuring properly.
Hi Garth,
Currently we have SSRS for SCCM with HTTP and we need to configure HTTPS, is it mandatory to install IIS for this requirement or not required ?
In Part 1, it is only installing the IIS management console nothing more.
Thanks Garth.
Hi Garth,
thanks for the guides my report server url ends up being servername:80/reportserver for http and then unknown:443/reportserver for https unless i delete the http one and then the https becomes servername:443/reportserver.
Is there any way to stop this and allow both to exist at once?
Hi John, I hoping to get back to this again soon. if you see all of my latest posts are on me getting PKI setup again. So….