I write this post after a hellish experience that lasted a couple of hours trying to sort out the SSL certificate for SSRS.
Basically the story goes like this…
Our SSL Certificate was due to expire on our SSRS Web Farm box, so we decided to renew it, even though the application is an internal reporting tool, but hey.
So basically what we did is renew our certificate (from CACert), which means we got issued with a new certificate, and then we went into IIS (7.0) to delete the old certificate (with Export) and upload the new certificate… everything is fine up to this point.
We have also registered the certificate in the “Trusted Root Certification Authorities” on Local Computer.
When I tried to hook-up the new certificate to SSRS (in Reporting Services Configuration Manager\Web Service URL), it gave me the following error message:
Microsoft.ReportingServices.WmiProvider.WMIProviderException: An SSL binding already exists for the specified IP address and port combination. The existing binding uses a different certificate from the current request. Only one certificate can be used for each IP address and port combination. To correct the problem, either use the same certificate as the existing binding, or remove the existing SSL binding and create a new binding using the certificate of the current request.
Which means a IP:Port combination was still bound to the old certificate. Probably one of the more sensible error messages you get in SSRS.
In order to check what certificate is bound to which IP:Port combination, I used the following CommandLine command:
netsh http show sslcert
And sure enough, the old certificate was still bound to the following IP:Port combination:
This seems to be a binding setup by SSRS itself, rather than IIS, so if you delete the certificate before you actually remove it from SSRS, you end up with a stray binding entry for the old certificate.
Anyway to resolve the issue, all you need to do is issue a command to delete the binding for this specific IP:Port combination:
netsh http delete sslcert ipport=[::]:443
Then you can rebind SSRS Web Service URL to your SSL Certificate, and all should be cool and dandy!
Goodluck, hope this will save you some time!
UPDATE (2011/12/07): If you have your SSRS Service running on a Windows 2003 machine, then you will need to use httpcfg.exe to configure SSL Certificate Binding on HTTP and HTTPs. For more details on how to use httpcfg.exe, you can refer to the MSDN documentation on Configuringing HTTP and HTTPS or the syntax documentation for the httpcfg.exe command itself
The command to remove SSL certificates on Windows 2003 might look something like this:
httpcfg.exe delete ssl /h [SSL-HASH]