Once again, select the bottom “Add” button.Ĭhoose your certificate (the same selection as before is fine).Recently at work I was given the task of enabling SSL on a new SQL Server 2014 Reporting Services server instance.
Once the configuration has been appropriately applied, the “apply” button will become greyed out. If needed, add relevant root and Intermediate Certificate into the appropriate machine certificate stores!
SSRS 2016 WILDCARD CERTIFICATE WINDOWS
The underlying windows machine MUST trust the certificate chain of the certificate you select in order to create a binding for it. The above error is common in the case of using an internally signed CA. Optionally, remove the HTTP Identity, and then select “OK”. Note that “URL” is sourced from the common name of the certificate. Ensure that you select a certificate with a corresponding private key! Anything in the personal node will appear, but a certificate without a private key is not a valid selection, and will result in cryptic errors. Available options are sourced by enumerating anything in the machine store’s node. Under “Web Services URL”, select “Advanced”.Ĭhoose a “Certificate”. More recent versions do not have this problem. Older versions of SSRS were notorious for being unable to work with wildcard certificates. This is required for browsers to trust your certificate! Ensure when creating your CSR to populate the SAN name field in the certificate, even if it is the same as the common name. Alternatively, we could create our CSR from the MMC on the SSRS Server (which stores the private key on this machine in the “Certificate Enrollment Requests” node), and subsequently import our signed response from our CA. Since SSRS’s configuration tool will let you specify a certificate that is present in the machine store’s personal certificate node, first we must import a certificate to this location. Your SSL/TLS certificate must now be setup in two separate spots, which can be confusing at first. These constitute certain advanced features of SSRS.
Unless your vendor documentation says otherwise, “Subscription Settings”, “Scale-Out Deployment” and “Power BI Service” can usually be ignored. Be sure to record this passphrase for safekeeping, this will be absolutely required during upgrades of SSRS. You will need to specify a password, which will be used to protect the symmetric key. In the cases it is required, it is usually called out in vendor documentation. Most of the time, we can leave this blank. Select “Web Portal URL” and choose “Apply”.Įmail settings are important to configure if you want to be able to email out reports on a schedule.Įxecution Account allows you to specify a service principal in whose context certain operations to remote servers will run. SSRS will begin its database configuration routine. The default is to create an account for this purpose with least privilege. On this screen, we specify the credentials SSRS will use going forward to connect to SQL Server. The alternative is a Sharepoint-managed SSRS instance, which is installed as part of a Sharepoint deployment through a different tool. Most of the time, your report server mode will be “Native”. Select “Next” to create your Report Server database. Don’t worry about SSRS running as your administrative user in perpetuity! This establishes a connection to the instance for configuration purposes, but the credentials chosen on this screen are NOT persistent. If the user you are signed in as has sysadmin level privilege on your local SQL Server instance, simply select “Next”. Usually, SQL Server runs on the server running Reporting Services itself, but it is possible to configure it to point to another server. (Or, if this is an upgrade/migration, choose an existing report server database instead). Select “Create a new report server database”. Somewhat counterintuitively, select “Change Database”. Under “Database” we must create a database for our SSRS instance. We will come back in and replace this with an HTTPS connection later, but this will allow us to proceed through the rest of the setup. On this screen, simply hit “Apply” to accept the defaults.
SSRS 2016 WILDCARD CERTIFICATE SOFTWARE
In the case of third-party integration, often the account running the software also runs the SSRS instance! In certain situations, it is preferable to use a domain account. This special local account doesn’t require you to set a password. For those familiar with Active Directory, this is somewhat similar to a localized version of a GMSA (Group-managed service account). It is recommended to configure SSRS BEFORE applying an SSL/TLS certificate.īy default, SSRS will create a “virtual service account”.
0 kommentar(er)
