How do I prevent un-encrypted report manager connections?

Hi, I am installing SSRS 2008 currently and am trying to ensure that all reports are delivered encrypted, via the certificate we have on the server. I have the default config for SSRS after installation and have added the certificate to Report Server and Report Manager. I can now access https://server/reportserver_instance and https://server/reports_instance and the certificate is acknowledged by the browser.

However, I can still access http://server/reportserver_instance and http://server/reports_instance and get unencrypted content. When I removed the port 80 connection via the advanced tab the report server ceases to provide any content and I get "The underlying connection was closed: An unexpected error occurred on a send."

Any thoughts, suggestions, solutions welcomed!

more ▼

asked Aug 05, 2010 at 02:27 AM in Default

avatar image

Fatherjack ♦♦
43.8k 79 99 118

(comments are locked)
10|1200 characters needed characters left

3 answers: sort voted first

Start -> Run -> inetmgr. Navigate to the report server site and check the value of the Enabled Protocols. If it is set to http (or https) then both protocols are enabled. This is a problem because the site is listening on both ports (80 and 443) and serves http requests which is not what you want. The details of the Enabled Protocols settings have this in the details frame:

if you want to accept only HTTPS requests, configure SSL feature for your site.

I believe that this means double-clicking on SSL Settings and then making sure that Require SSL checkbox is checked. What this should accomplish is the following: when the client sends a plain vanilla http request to the report server site, the latter will bark, stating that no http connections are allowed and https should be specified as a protocol. From what I understand, you have already configured secure bindings before, so your report server site does accept https connections.

Hope this helps, I can see how availability of http can be really annoying if the site in question is meant to work over secure socket layers only.


more ▼

answered Aug 07, 2010 at 03:45 PM

avatar image

18.9k 3 7 28

Oleg, this is SQRS 2008, so its not managed via the IIS manager. If only it was as easy as ticking the Require SSL like 2005! I am beginning to think that the only option is to block it via a firewall setting...

Aug 08, 2010 at 05:44 AM Fatherjack ♦♦
(comments are locked)
10|1200 characters needed characters left

I think you need to set SecureConnectionLevel to 3:

 0 = No SSL
 1 = Accept HTTP but reject any calls that might be involved in the passing of credentials
 2 = Use SSL for rendering but don't insist on it for all SOAP calls
 3 = Use SSL for everything
more ▼

answered Aug 05, 2010 at 05:37 AM

avatar image

David Wimbush
10.7k 30 34 43

yep, that looked like a winner for a while but every value except 0 returns the same error as removing the port 80 connection setting.

Aug 05, 2010 at 06:21 AM Fatherjack ♦♦
(comments are locked)
10|1200 characters needed characters left

Have you tried change the changing the "SecureConnectionLevel" to equal 0 with the rsReportServer.config file.

More info here


more ▼

answered Aug 05, 2010 at 04:18 AM

avatar image

10.8k 27 37 37

nice find. Sadly it hasnt resolved the issue as it is at 0 already. setting it to 1 gets me the same error as removing the port80 settings.

Aug 05, 2010 at 04:29 AM Fatherjack ♦♦
(comments are locked)
10|1200 characters needed characters left
Your answer
toggle preview:

Up to 2 attachments (including images) can be used with a maximum of 524.3 kB each and 1.0 MB total.

Follow this question

By Email:

Once you sign in you will be able to subscribe for any updates here



Answers and Comments

SQL Server Central

Need long-form SQL discussion? SQLserverCentral.com is the place.



asked: Aug 05, 2010 at 02:27 AM

Seen: 1534 times

Last Updated: Aug 05, 2010 at 02:27 AM

Copyright 2017 Redgate Software. Privacy Policy