question

Fatherjack avatar image
Fatherjack asked

How do I prevent un-encrypted report manager connections?

Hi, I am installing SSRS 2008 currently and am trying to ensure that all reports are delivered encrypted, via the certificate we have on the server. I have the default config for SSRS after installation and have added the certificate to Report Server and Report Manager. I can now access https://server/reportserver_instance and https://server/reports_instance and the certificate is acknowledged by the browser. However, I can still access http://server/reportserver_instance and http://server/reports_instance and get unencrypted content. When I removed the port 80 connection via the advanced tab the report server ceases to provide any content and I get "The underlying connection was closed: An unexpected error occurred on a send." Any thoughts, suggestions, solutions welcomed!
ssrsconfigurationssl
10 |1200 characters needed characters left characters exceeded

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

sp_lock avatar image
sp_lock answered
Have you tried change the changing the "SecureConnectionLevel" to equal 0 with the rsReportServer.config file. More info here [Link][1] [1]: http://social.msdn.microsoft.com/forums/en-US/sqlreportingservices/thread/31196bf7-1c8b-47b1-87a0-7cb117df97bd/
1 comment
10 |1200 characters needed characters left characters exceeded

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

nice find. Sadly it hasnt resolved the issue as it is at 0 already. setting it to 1 gets me the same error as removing the port80 settings.
0 Likes 0 ·
David Wimbush avatar image
David Wimbush answered
I think you need to set SecureConnectionLevel to 3: 0 = No SSL 1 = Accept HTTP but reject any calls that might be involved in the passing of credentials 2 = Use SSL for rendering but don't insist on it for all SOAP calls 3 = Use SSL for everything
1 comment
10 |1200 characters needed characters left characters exceeded

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

yep, that looked like a winner for a while but every value except 0 returns the same error as removing the port 80 connection setting.
0 Likes 0 ·
Oleg avatar image
Oleg answered
**Start** -> **Run** -> **inetmgr**. Navigate to the **report server** site and check the value of the **Enabled Protocols**. If it is set to **http** (or **https**) then ***both protocols*** are enabled. This is a problem because the site is listening on both ports (80 and 443) and serves http requests which is not what you want. The details of the **Enabled Protocols** settings have this in the details frame: > if you want to accept only HTTPS > requests, configure SSL feature for > your site. I believe that this means double-clicking on **SSL Settings** and then making sure that **Require SSL checkbox** is checked. What this should accomplish is the following: when the client sends a plain vanilla http request to the report server site, the latter will bark, stating that no http connections are allowed and https should be specified as a protocol. From what I understand, you have already configured secure bindings before, so your report server site does accept https connections. Hope this helps, I can see how availability of http can be really annoying if the site in question is meant to work over secure socket layers only. Oleg
1 comment
10 |1200 characters needed characters left characters exceeded

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

Oleg, this is SQRS 2008, so its not managed via the IIS manager. If only it was as easy as ticking the Require SSL like 2005! I am beginning to think that the only option is to block it via a firewall setting...
0 Likes 0 ·

Write an Answer

Hint: Notify or tag a user in this post by typing @username.

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.