MS SSRS won’t bind HTTPS to new certificate — “We are unable to create the certificate binding” | GOLINE
Goline Logo

FAQ

News

  • In the supply and logistics sectors, email communication is pivotal. However, organizations face threats like email fraud and phishing. GOLINE SA's clients struggled with configuring email authentication protocols manually. To address this challenge, GOLINE SA became an MSP Partner of PowerDMARC, collaborating to streamline implementation and management. PowerDMARC's cloud-based platform automated DMARC, SPF, and DKIM protocols for GOLINE SA's clients. This streamlined the transition to DMARC enforcement policies, bolstering domain protection without compromising email deliverability. The intuitive platform facilitated easy navigation and provided detailed reporting for proactive issue resolution. GOLINE SA's clients experienced tangible benefits: Enhanced Email Security: Automated protocols...
  • Route RPKI validation April 1st, 2022
    RPKI is a security framework by which network owners can validate and secure the critical route updates or Border Gateway Protocol (BGP) announcements between public Internet networks. BGP is essentially the central nervous system of the Internet and one of its fundamental building blocks. The main function of BGP is to facilitate efficient routing between Autonomous Systems (AS), by building and maintaining the Internet routing table. The Internet routing table is effectively the navigation system of the Internet and without it, traffic would be unable to flow between its constituent networks. Unfortunately, routing equipment alone cannot distinguish between legitimate and malicious routing announcements,...
  • RIPE – Atlas Anchor February 17th, 2022
    We have become an even more integral part of the RIPE Atlas project by hosting an anchor, a device that allows for latency analysis of traffic between autonomous systems.https://atlas.ripe.net/probes/7073/RIPE Atlas anchors play an integral role in the RIPE Atlas network by acting both as enhanced RIPE Atlas probes with more measurement capacity, as well as regional measurement targets within the greater RIPE Atlas network. Anchors are able to perform many more measurements than a regular RIPE Atlas probe, and the large amount of data they collect is made available to everyone. In addition, anchors act as powerful targets that can...

MS SSRS won’t bind HTTPS to new certificate — “We are unable to create the certificate binding”

SSRS won’t bind HTTPS to new certificate — “We are unable to create the certificate binding”

This blog post is around the situation where you have SSRS setup to use HTTPS and thus using a certificate and the certificate expires (or just needs replacing). We had caught the initial error via our Continuous Monitoring of the SSRS site — basically when the certificate expired we got an exception and alerted on it.

The client installed a new certificate but the issue arose where in Reporting Service Configuration Manager we went to use the new certificate but when we chose it we got this error:

We are unable to create the certificate binding

SSRS Cert issue
Error in SSRS Configuration Manager

And Reporting Service Configuration Manager removes the HTTPS binding.

We checked and the certificate is installed correctly.

So we looked in SSRS logs:

C:Program FilesMicrosoft SQL ServerMSRS11.<instance>Reporting ServicesLogFiles

It is amazing for a reporting system how badly errors are reported in the log files. Basically there was nothing in there at all:

rshost!rshost!964!12/11/2017-08:13:47:: e ERROR: WriteCallback(): failed to write in write callback.

rshost!rshost!2aa4!12/11/2017-08:13:47:: e ERROR: Failed with win32 error 0x03E3, pipeline=0x00000002780A7D80.

httpruntime!ReportServer_0-33!2aa4!12/11/2017-08:13:47:: e ERROR: Failed in BaseWorkerRequest::SendHttpResponse(bool), exception=System.Runtime.InteropServices.COMException (0x800703E3): The I/O operation has been aborted because of either a thread exit or an application request. (Exception from HRESULT: 0x800703E3)

 at Microsoft.ReportingServices.HostingInterfaces.IRsHttpPipeline.SendResponse(Void* response, Boolean finalWrite, Boolean closeConn)

 at ReportingServicesHttpRuntime.BaseWorkerRequest.SendHttpResponse(Boolean finalFlush)

library!ReportServer_0-33!2aa4!12/11/2017-08:13:47:: e 



— End of inner exception stack trace —;

We knew that HTTP was working all good so SSRS itself was “ok”. So on a hunch we decided to see if the old certificate was still lying around bound to something and so using netsh:

SSRS NETSH
NETSH showing the old certificate bound

So we then removed the binding — which was safe enough as only SSRS was serving web requests on this server — IIS was not being used at all.:

netsh http delete sslcert ipport=[::]:443

SSRS netsh delete
Removing the certificate that was still bound to port 443

We could then bind the new certificate in Reporting Service Configuration Manager:

SSRS now bound
SSRS is now happy and listening on port 443

 

So hopefully if you get this type of error you too can solve it nice and quickly and have your web service URL and Report Manager URL nice and secure again…

0 0 votes
Article Rating
Subscribe
Notify of
0 Comments
Oldest
Newest Most Voted
Inline Feedbacks
View all comments
0
Would love your thoughts, please comment.x
()
x