CHAPTER 11 SECURING REPORTS
Applying an SSL Certificate
Now it is time to apply a certificate to the SSRS server and rescan the traffic to make sure the viewable
data in clear text will be encrypted.
Several companies provide server certificates that can be installed on a Web server and verified
directly over the Internet from the trusted site that issued the certificate. By using the certificates issued
from these trusted sources, such as VeriSign, the client will automatically trust the site. Other
certificates, such as those generated through Certificate Services in Windows, may require that the
certificate be installed on the client machine because the client will not automatically trust the
certificate if it cannot reach the certificate authority. Generally, for Internet use, it is more practical to
pay the fee to use the commercial certificate. The online deployment uses a server certificate issued from
a commercial certificate authority. However, for the temporary test environment, you can use SelfSSL, a
handy little utility that comes with the IIS Support Tools, even though we are not going to be using IIS.
You can download SelfSSL from the following location:http://www.microsoft.com/downloads/details.aspx?FamilyID=56fc92ee-a71a-4c73-b628
-ade629c89499&displaylang=enSelfSSL will generate and automatically apply a temporary certificate to a Web site. You run SelfSSL
from the command line on the server on which you want to add the certificate. Once it is installed, you
can open a command prompt for SelfSSL by clicking Start ➤ All Programs ➤ IIS Resources ➤ SelfSSL. The
typical syntax will be in the following format:Selfssl.exe /N:CN=MACHINENAMEHERE /V:20 /TThe /N:CN=MACHINENAMEHERE /T option indicates that the common name on the certificate
will be the name of the server (You will substitute your server name in the command). The /V:20 portion
indicates that the certificate is valid for 20 days. The /T option instructs SelfSSL to add the certificate to
the Trusted Certificates list so that the local browser will automatically use the certificate when
connecting to the site. You can manually install a local copy of the certificate on other client machines
that will access this server. Because SelfSSL installs the certificate that it generates, you don’t need to go
through the process of generating a certificate request, which would normally be sent to a certificate
authority. Note When you create the temporary certificate on your test server, it will ask if you would like to change the
settings for a website on your system. There is no need to do this since we will be binding the certificate in the
configuration manager manually. If you do, you may receive an error on opening the metabase, but you can ignore
this.After we create and install the new SSL certificate, we need to configure SSRS to use this certificate
to encrypt the HTTP traffic sent via Report Manager. Open the Reporting Services Configuration
Manager by clicking Start ➤ All Programs ➤ Microsoft SQL Server 2012 ➤ Configuration Tools ➤
Reporting Services Configuration Manager. Once open, connect to your SSRS 2012 instance, and click
the Report Manager URL link in the left-hand navigation bar.
From here, click the Advanced button to open the Advanced Multiple Web Site Configuration
screen. You will notice that there are two sections in this configuration window. The top section is used
to configure HTTP identities and the bottom for HTTPS/SSL configurations. Click the Add button in the