Greetings all.
We're trying to run SQL Reporting Services over the internet with SSL. Our
reports contain sensitive data, so we want all Report Server traffic to go
over HTTPS (we do NOT want to allow any HTTP access).
We've got the Report Manager web application working, but with a couple of
quirks that we could use some help on.
Here is the current (functional but unacceptable) configuration...
This is a single-server deployment on Windows Server 2003 (and IIS) with SQL
Server 2000 (SP3a) and SQL Reporting Services (SP1).
IIS Anonymous access is turned off. Only Windows Authentication is used
(along with only Internet Explorer browsers).
The "Require secure channel (SSL)" checkboxes are NOT checked in the IIS
"Directory Security" settings for the Default Web Site along with the
"Reports" and "ReportServer" Virtual Directories (because if we do check it,
Report Manager won't work).
HTTP traffic is set to port 81 in IIS (for now - in order to reject all HTTP
traffic to the default port 80).
HTTPS traffic is set to the default port 443 in IIS.
The security certificate installed on this web server is configured for
"reports.mycompany.com" (of course with "mycompany" substituted for the
actual company name).
RSWebApplication.config:
<ReportServerUrl>http://localhost:81/ReportServer</ReportServerUrl>
<ReportServerExternalUrl>https://reports.mycompany.com/ReportServer</ReportS
erverExternalUrl>
RSReportServer.config:
<Add Key="SecureConnectionLevel" Value="2"/>
<UrlRoot>https://reports.mycompany.com/ReportServer</UrlRoot>
...
Report Manager DOES work over HTTPS with this configuration.
However, all of the Report Manager's upper navigation links ("Home," "My
Subscriptions," "Site Settings," "Help," and the breadcrumb-trail links) use
HTTP (over port 80, which we reject) instead of HTTPS, so none of these
links work.
...
Unfortunately, even though it works, this configuration is unacceptable
because a big requirement we have is that we want all Report Server traffic
to go over HTTPS; we do no want to allow HTTP traffic. The current
configuration still allows HTTP traffic over port 81 because it's the only
way we've been able to get things to work.
If we check the "Require secure channel (SSL)" checkbox in the IIS
"Directory Security" settings (which we want to do), Report Manager gives an
error saying "could not establish secure channel for SSL/TLS."
If we set the "SecureConnectionLevel" value to "3" then Report Manager gives
an error saying "could not establish secure channel for SSL/TLS."
We tried changing the "ReportServerUrl" node in the
"RSWebApplication.config" file to https://localhost/ReportServer (in order
to use nothing HTTPS paths in our configuration), but we continued to get
the "could not establish secure channel for SSL/TLS" error.
Does anyone have any ideas on how we can get all our traffic over HTTPS and
shut off all HTTP traffic?
Many Thanks!
JodyJody,
We do have RS working with SSL on one machine however on another machine we
can not get it to work. From your post I would recommend you change the
ReportServerURL node in your RSWebApplication.config file to
https://[FQDN]/ReportServer rather then https://localhost/ReportServer. For
example https://www.abc.com/ReportServer. Hope this helps.
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment