How do I prevent un-encrypted report manager connections?
Hi, I am installing SSRS 2008 currently and am trying to ensure that all reports are delivered encrypted, via the certificate we have on the server. I have the default config for SSRS after installation and have added the certificate to Report Server and Report Manager. I can now access https://server/reportserver_instance and https://server/reports_instance and the certificate is acknowledged by the browser. However, I can still access http://server/reportserver_instance and http://server/reports_instance and get unencrypted content. When I removed the port 80 connection via the advanced tab the report server ceases to provide any content and I get "The underlying connection was closed: An unexpected error occurred on a send." Any thoughts, suggestions, solutions welcomed!
I think you need to set SecureConnectionLevel to 3: 0 = No SSL 1 = Accept HTTP but reject any calls that might be involved in the passing of credentials 2 = Use SSL for rendering but don't insist on it for all SOAP calls 3 = Use SSL for everything
**Start** -> **Run** -> **inetmgr**. Navigate to the **report server** site and check the value of the **Enabled Protocols**. If it is set to **http** (or **https**) then ***both protocols*** are enabled. This is a problem because the site is listening on both ports (80 and 443) and serves http requests which is not what you want. The details of the **Enabled Protocols** settings have this in the details frame: > if you want to accept only HTTPS > requests, configure SSL feature for > your site. I believe that this means double-clicking on **SSL Settings** and then making sure that **Require SSL checkbox** is checked. What this should accomplish is the following: when the client sends a plain vanilla http request to the report server site, the latter will bark, stating that no http connections are allowed and https should be specified as a protocol. From what I understand, you have already configured secure bindings before, so your report server site does accept https connections. Hope this helps, I can see how availability of http can be really annoying if the site in question is meant to work over secure socket layers only. Oleg