x

How do I prevent un-encrypted report manager connections?

Hi, I am installing SSRS 2008 currently and am trying to ensure that all reports are delivered encrypted, via the certificate we have on the server. I have the default config for SSRS after installation and have added the certificate to Report Server and Report Manager. I can now access https://server/reportserver_instance and https://server/reports_instance and the certificate is acknowledged by the browser.

However, I can still access http://server/reportserver_instance and http://server/reports_instance and get unencrypted content. When I removed the port 80 connection via the advanced tab the report server ceases to provide any content and I get "The underlying connection was closed: An unexpected error occurred on a send."

Any thoughts, suggestions, solutions welcomed!
more ▼

asked Aug 05 '10 at 02:27 AM in Default

Fatherjack gravatar image

Fatherjack ♦♦
41.3k 73 77 107

(comments are locked)
10|1200 characters needed characters left

4 answers: sort voted first

Start -> Run -> inetmgr. Navigate to the report server site and check the value of the Enabled Protocols. If it is set to http (or https) then both protocols are enabled. This is a problem because the site is listening on both ports (80 and 443) and serves http requests which is not what you want. The details of the Enabled Protocols settings have this in the details frame:

if you want to accept only HTTPS requests, configure SSL feature for your site.

I believe that this means double-clicking on SSL Settings and then making sure that Require SSL checkbox is checked. What this should accomplish is the following: when the client sends a plain vanilla http request to the report server site, the latter will bark, stating that no http connections are allowed and https should be specified as a protocol. From what I understand, you have already configured secure bindings before, so your report server site does accept https connections.

Hope this helps, I can see how availability of http can be really annoying if the site in question is meant to work over secure socket layers only.

Oleg
more ▼

answered Aug 07 '10 at 03:45 PM

Oleg gravatar image

Oleg
15.9k 2 4 24

Oleg, this is SQRS 2008, so its not managed via the IIS manager. If only it was as easy as ticking the Require SSL like 2005! I am beginning to think that the only option is to block it via a firewall setting...
Aug 08 '10 at 05:44 AM Fatherjack ♦♦
(comments are locked)
10|1200 characters needed characters left

I think you need to set SecureConnectionLevel to 3:

0 = No SSL
1 = Accept HTTP but reject any calls that might be involved in the passing of credentials
2 = Use SSL for rendering but don't insist on it for all SOAP calls
3 = Use SSL for everything
more ▼

answered Aug 05 '10 at 05:37 AM

David Wimbush gravatar image

David Wimbush
4.7k 28 29 31

yep, that looked like a winner for a while but every value except 0 returns the same error as removing the port 80 connection setting.
Aug 05 '10 at 06:21 AM Fatherjack ♦♦
(comments are locked)
10|1200 characters needed characters left

Have you tried change the changing the "SecureConnectionLevel" to equal 0 with the rsReportServer.config file.

More info here

[Link][1]

[1]: http://social.msdn.microsoft.com/forums/en-US/sqlreportingservices/thread/31196bf7-1c8b-47b1-87a0-7cb117df97bd/
more ▼

answered Aug 05 '10 at 04:18 AM

sp_lock gravatar image

sp_lock
9k 24 27 30

nice find. Sadly it hasnt resolved the issue as it is at 0 already. setting it to 1 gets me the same error as removing the port80 settings.
Aug 05 '10 at 04:29 AM Fatherjack ♦♦
(comments are locked)
10|1200 characters needed characters left
Your answer
toggle preview:

Up to 2 attachments (including images) can be used with a maximum of 524.3 kB each and 1.0 MB total.

New code box

There's a new way to format code on the site - the red speech bubble logo will automatically format T-SQL for you. The original code box is still there for XML, etc. More details here.

Follow this question

By Email:

Once you sign in you will be able to subscribe for any updates here

By RSS:

Answers

Answers and Comments

SQL Server Central

Need long-form SQL discussion? SQLserverCentral.com is the place.

Topics:

x535
x31
x3

asked: Aug 05 '10 at 02:27 AM

Seen: 1147 times

Last Updated: Aug 05 '10 at 02:27 AM