Updating SSL Certificate on SSRS Server

Overview

This article provides the procedure to update the SSL certificate on an SSRS (SQL Server Reporting Services) server.

Procedure

Get the CSR

(1) If this is a first-time creation, use your favorite CSR generation tool to generate the CSR. Then save the CSR in a secure place.

(2) Otherwise, retrieve the CSR you used previously.

Provision new SSL certificate

(1) Using the above CSR, provision a new SSL certificate from your favorite provider.

(2) Download/copy the SSL certificate to the SSRS server

Install the Certificate in the Certificate Store

(1) In a Command Window, type the "MMC" command and press Enter.

(2) Microsoft Management Console opens

(3) Navigate to File menu > Add/Remove Snap-In

(4) In the Add or Remove Snap-Ins dialog, select "Certificates" in the left list

(5) Click the Add button

(6) Specify the "Computer Account" option > Next

(7) Specify "Local computer" > Finish

(8) On the "Add or Remove Snap-in" dialog, click OK

(9) Navigate to Console Root > Certificates (Local Computer) > Personal > Certificates

(10) Right-click the "Certificates" folder > All Tasks > Import

(11) The "Local Machine" option should be selected and read-only.

(12) Click Next

(13) Specify the certificate file

(14) Click Next

(15) Select the "Place all certificates in the following store" option and specify "Personal"

(16) Click "Next"

(17) Click "Finish"

(18) The new certificate should now appear in the Certificates folder

(19) Right-click the certificate > Properties

(20) Edit the Friendly Name field to include the current date (I recommend a YYYY-MM-DD format)

(21) BEFORE PROCEEDING, be sure the private key is bound to the certificate, per this article.
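
The checks in steps (18) to (21) can also be run from an elevated PowerShell prompt. This is an added example, not part of the original article: the function name Test-NewSsrsCertificate, the "SSRS" Friendly Name prefix and the thumbprint placeholder are assumptions to replace with your own values.

```powershell
# Run in an elevated PowerShell session on the SSRS server.
# Assumption: Test-NewSsrsCertificate is a hypothetical helper name, and the
# thumbprint passed on the last line is a placeholder for the imported certificate.
function Test-NewSsrsCertificate {
    param(
        [Parameter(Mandatory)] [string] $Thumbprint,
        [switch] $SetFriendlyName
    )
    # The MMC details pane shows the thumbprint with spaces; strip non-hex characters.
    $thumb = ($Thumbprint -replace '[^0-9A-Fa-f]', '').ToUpperInvariant()

    # Certificates (Local Computer) > Personal > Certificates is Cert:\LocalMachine\My
    $cert = Get-ChildItem -Path Cert:\LocalMachine\My |
        Where-Object { $_.Thumbprint -eq $thumb }
    if (-not $cert) {
        throw "No certificate matching '$Thumbprint' in Cert:\LocalMachine\My."
    }

    $now = Get-Date
    $result = [pscustomobject]@{
        Subject       = $cert.Subject
        HasPrivateKey = $cert.HasPrivateKey
        NotBefore     = $cert.NotBefore
        NotAfter      = $cert.NotAfter
        ValidNow      = ($now -ge $cert.NotBefore -and $now -le $cert.NotAfter)
        DaysRemaining = [int][math]::Floor(($cert.NotAfter - $now).TotalDays)
    }

    # Step (21): stop here if the private key is not bound to the certificate.
    if (-not $result.HasPrivateKey) {
        Write-Warning 'Private key is NOT bound to this certificate. Do not configure SSRS yet.'
        return $result
    }
    if (-not $result.ValidNow) {
        Write-Warning "Certificate is outside its validity period ($($cert.NotBefore) to $($cert.NotAfter))."
        return $result
    }

    # Step (20): tag the Friendly Name with today's date ("SSRS" prefix is an example value).
    if ($SetFriendlyName) {
        $cert.FriendlyName = "SSRS $(Get-Date -Format 'yyyy-MM-dd')"
    }
    $result
}

Test-NewSsrsCertificate -Thumbprint '<THUMBPRINT-OF-NEW-CERTIFICATE>' -SetFriendlyName
```

The Friendly Name is only changed when the private key is present and the certificate is currently valid, so a certificate that fails either check never shows up with today's date in Report Server Configuration Manager.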

Configure SSRS to Use the New Certificate

(1) On the Windows Start menu, run the "Report Server Configuration Manager" app

(2) Select Web Service URL

(3) For the HTTPS Certificate field, choose the one with today's date. (This will be the certificate whose Friendly Name you edited above.)

(4) Click the Apply button and wait for it to process.

Troubleshooting

Sometimes the certificate can't be bound. If so, you'll need to remove the existing binding as follows.

(1) In a Command Window, find the SSRS configuration file via the "dir rsreportserver.config /s/b" command.

(2) Make a backup copy of the "rsreportserver.config" file.

(3) Edit the "rsreportserver.config" file in Notepad.

(4) Find the "<URLReservations>" node

(5) Remove the "<URL>" node (from the "<URL>" tag to the "</URL>" tag) for any item that binds to HTTPS (port 443).

(6) Save the "rsreportserver.config" file.

(7) Open "Services" and restart the "SQL Server Reporting Services" service

(8) Repeat the "Configure SSRS to Use the New Certificate" procedure above.