CHAPTER 11 SECURING REPORTS
One way to control the level of security that SSRS uses is the service configuration file,
rsreportserver.config, located in the installation folder, typically
Drive Letter:\Program Files\Microsoft SQL Server\MSRS11.MSSQLSERVER\Reporting Services\ReportServer.
Open the file in Notepad, and look for the following entry:
<Add Key="SecureConnectionLevel" Value="0"/>
Figure 11-6. Warning for nontrusted security certificate
Four values control the level of security, 0 through 3. The default for a deployment that does not
configure SSRS for SSL during installation is 0, which is the least secure. A value of 3, the most secure,
requires that every SOAP API call uses SSL. For this example, set the value to 2, which will require
encryption of all report data. All calls to the server will now automatically use port 443 and encrypt the
data, including the URL string itself, which is important if you are passing any possibly sensitive
information in the URL. If a user tried to connect to the Report Manager or report server URL using
HTTP, the report server would automatically redirect the client to HTTPS to require a secure connection.
You should also add the SSL certificate in the Report Service URL section of the SSRS
configuration tool before restarting the services to make this change effective. The report server
needs a valid certificate to use encrypted communication.
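An added example, not from the book: a PowerShell function that reads the SecureConnectionLevel entry shown above from rsreportserver.config and, with -Fix, backs the file up and raises the value to the required level (2 by default, as in this walkthrough). The function name, its parameters, the backup naming and the sample file written to the temp folder are assumptions made for this illustration.

```powershell
function Set-SsrsSecureConnectionLevel {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)][string]$ConfigPath,    # full path to rsreportserver.config
        [ValidateRange(0, 3)][int]$RequiredLevel = 2, # minimum acceptable level
        [switch]$Fix                                  # without -Fix the file is only read
    )

    # Parse the file as XML instead of matching text, so commented-out copies
    # of the entry or reordered attributes cannot mislead the check.
    $xml = New-Object System.Xml.XmlDocument
    $xml.PreserveWhitespace = $true
    $xml.Load($ConfigPath)

    $node = $xml.SelectSingleNode("//Add[@Key='SecureConnectionLevel']")
    if ($null -eq $node) { throw "SecureConnectionLevel entry not found in $ConfigPath" }

    $current = [int]$node.GetAttribute('Value')
    $result = [pscustomobject]@{
        ConfigPath = $ConfigPath
        Before     = $current
        After      = $current
        Compliant  = ($current -ge $RequiredLevel)
    }

    if ($Fix -and -not $result.Compliant) {
        # Keep a timestamped backup beside the original before writing.
        $stamp = Get-Date -Format yyyyMMddHHmmss
        Copy-Item -LiteralPath $ConfigPath -Destination "$ConfigPath.$stamp.bak"
        $node.SetAttribute('Value', [string]$RequiredLevel)
        $xml.Save($ConfigPath)
        $result.After     = $RequiredLevel
        $result.Compliant = $true
    }
    $result
}

# Constructed sample file, so the function can be tried away from a real server.
$sample = Join-Path ([System.IO.Path]::GetTempPath()) 'rsreportserver.sample.config'
Set-Content -LiteralPath $sample -Value @'
<Configuration>
  <Add Key="SecureConnectionLevel" Value="0"/>
</Configuration>
'@
Set-SsrsSecureConnectionLevel -ConfigPath $sample        # audit only
Set-SsrsSecureConnectionLevel -ConfigPath $sample -Fix   # back up, then update
```

On a real report server, run it from an elevated session against the configuration file in the folder named above; the certificate binding and service restart described in the text are still required.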
You can also remove the HTTP access through the Reporting Services Configuration Manager. In the
same section that we used to add the new SSL secured address, you can also remove the HTTP address
binding. Any user trying to access the site would then have to use the HTTPS address,
and all of the Web data would be encrypted.
We will also need to make a small change to the display filter that we set up earlier. We were looking
for port 80 traffic in that example, but we now need to search for port 443. Change your display
filter so that each instance of port 80 becomes port 443, and click the Apply button to confirm
that change.
When you capture the frames in Network Monitor while using the new secure address, you can see
that all of the previous HTTP data on port 80 are now using SSL on port 443, as shown in Figure 11-7. The
data are encrypted, and we can also see the SSL protocol handling the handshake setup so that all of our
HTTP data are safe and secure.