MS SSRS won’t bind HTTPS to new certificate — “We are unable to create the certificate binding” | GOLINE
Goline Logo

FAQ

News

  • Route RPKI validation April 1st, 2022
    RPKI is a security framework by which network owners can validate and secure the critical route updates or Border Gateway Protocol (BGP) announcements between public Internet networks. BGP is essentially the central nervous system of the Internet and one of its fundamental building blocks. The main function of BGP is to facilitate efficient routing between Autonomous Systems (AS), by building and maintaining the Internet routing table. The Internet routing table is effectively the navigation system of the Internet and without it, traffic would be unable to flow between its constituent networks. Unfortunately, routing equipment alone cannot distinguish between legitimate and malicious routing announcements,...
  • RIPE – Atlas Anchor February 17th, 2022
    We have become an even more integral part of the RIPE Atlas project by hosting an anchor, a device that allows for latency analysis of traffic between autonomous systems.https://atlas.ripe.net/probes/7073/RIPE Atlas anchors play an integral role in the RIPE Atlas network by acting both as enhanced RIPE Atlas probes with more measurement capacity, as well as regional measurement targets within the greater RIPE Atlas network. Anchors are able to perform many more measurements than a regular RIPE Atlas probe, and the large amount of data they collect is made available to everyone. In addition, anchors act as powerful targets that can...
  • MANRS June 20th, 2020
    GOLINE firmly believes in initiatives to protect networks, improve security and resilience of the global routing system. Therefore we decided to support the MANRS project and join as participants.Mutually Agreed Norms for Routing Security (MANRS) is a global initiative, supported by the Internet Society, that provides crucial fixes to reduce the most common routing threats. MANRS offers specific actions via four programs for Network Operators, Internet Exchange Points, CDN and Cloud Providers, and Equipment Vendors. Requirements for Participation Please read the full MANRS Actions document before applying. You can become a participant if you meet these requirements: You (or your company) support...

MS SSRS won’t bind HTTPS to new certificate — “We are unable to create the certificate binding”

SSRS won’t bind HTTPS to new certificate — “We are unable to create the certificate binding”

This blog post is around the situation where you have SSRS setup to use HTTPS and thus using a certificate and the certificate expires (or just needs replacing). We had caught the initial error via our Continuous Monitoring of the SSRS site — basically when the certificate expired we got an exception and alerted on it.

The client installed a new certificate but the issue arose where in Reporting Service Configuration Manager we went to use the new certificate but when we chose it we got this error:

We are unable to create the certificate binding

SSRS Cert issue
Error in SSRS Configuration Manager

And Reporting Service Configuration Manager removes the HTTPS binding.

We checked and the certificate is installed correctly.

So we looked in SSRS logs:

C:Program FilesMicrosoft SQL ServerMSRS11.<instance>Reporting ServicesLogFiles

It is amazing for a reporting system how badly errors are reported in the log files. Basically there was nothing in there at all:

rshost!rshost!964!12/11/2017-08:13:47:: e ERROR: WriteCallback(): failed to write in write callback.

rshost!rshost!2aa4!12/11/2017-08:13:47:: e ERROR: Failed with win32 error 0x03E3, pipeline=0x00000002780A7D80.

httpruntime!ReportServer_0-33!2aa4!12/11/2017-08:13:47:: e ERROR: Failed in BaseWorkerRequest::SendHttpResponse(bool), exception=System.Runtime.InteropServices.COMException (0x800703E3): The I/O operation has been aborted because of either a thread exit or an application request. (Exception from HRESULT: 0x800703E3)

 at Microsoft.ReportingServices.HostingInterfaces.IRsHttpPipeline.SendResponse(Void* response, Boolean finalWrite, Boolean closeConn)

 at ReportingServicesHttpRuntime.BaseWorkerRequest.SendHttpResponse(Boolean finalFlush)

library!ReportServer_0-33!2aa4!12/11/2017-08:13:47:: e 



— End of inner exception stack trace —;

We knew that HTTP was working all good so SSRS itself was “ok”. So on a hunch we decided to see if the old certificate was still lying around bound to something and so using netsh:

SSRS NETSH
NETSH showing the old certificate bound

So we then removed the binding — which was safe enough as only SSRS was serving web requests on this server — IIS was not being used at all.:

netsh http delete sslcert ipport=[::]:443

SSRS netsh delete
Removing the certificate that was still bound to port 443

We could then bind the new certificate in Reporting Service Configuration Manager:

SSRS now bound
SSRS is now happy and listening on port 443

 

So hopefully if you get this type of error you too can solve it nice and quickly and have your web service URL and Report Manager URL nice and secure again…

0 0 votes
Article Rating
Subscribe
Notify of
0 Comments
Inline Feedbacks
View all comments
0
Would love your thoughts, please comment.x
()
x