I'm trying to configure SSRS with SSL, when I try to add my SSL Cert via Reporting Services Configuration Manager, I get the following error; Microsoft.ReportingServices.WmiProvider.WMIProviderException: An HTTPS binding already exists for the specified IP address and port combination. The existing binding uses a different certificate from the current request. Only one certificate can be used for each IP address and port combination. To correct the problem, either use the same certificate as the existing binding, or remove the existing SSL binding and create a new binding using the certificate of the current request.
There are no existing Certs in Web Service URL or Web Portal URL configuration, so went hunting... I found out SSRS SSL will bind to ipport=0.0.0.0:443
When I run;
netsh http show sslcert ipport=0.0.0.0:443
I do find there is a cert;
IP:port : 0.0.0.0:443
Certificate Hash : 37ae2ab1e2968f04bacdcb43e1ce3597da208b8d
Application ID : {4dc3e181-e14b-4a21-b022-59fc669b0914}
Certificate Store Name : My
Verify Client Certificate Revocation : Enabled
Verify Revocation Using Cached Client Certificate Only : Disabled
Usage Check : Enabled
Revocation Freshness Time : 0
URL Retrieval Timeout : 0
Ctl Identifier : (null)
Ctl Store Name : (null)
DS Mapper Usage : Disabled
Negotiate Client Certificate : Disabled
Reject Connections : Disabled
Disable HTTP2 : Not Set
I tried finding out more info about this cert via various powershell commands, but I cant find any reference to it. I searched results from following;
netsh http show sslcert
Get-ChildItem Cert:\ -Recurse
certutil -store My
certutil -store Root
certutil -store Trust
certutil -store CA
certutil -store Request
certutil -store OtherPeople
certutil -store AuthRoot
certutil -store TrustedPeople
I searched entire registry for the Certificate Hash but nothing. I searched for the hash using MMC, in 'Local Computer' and 'Current User'
I know I can run;
netsh http delete sslcert ipport=0.0.0.0:443
to clear the error, but I'm scared I'm going to break somehting. I'm out of my 'expertiese' depth at this point. This server is running sql server 2016, IIS serving about 10 websites, Sql Server Reporting Services and several other critical business services. Is part of a Windows Domain running on Azure.
I suspect this cert is in one of the Service Account stores?
How can I find information on this cert like Expiry Date, issuing Authority, etc so I can have more confidence that it can be safely removed? Or am I being over-cautious... if I delete and then immediatley replace the cert binding to ipport=0.0.0.0:443, would this be ok?
Thanks.
I have resolved the problem. I found the following link;
https://businesswintelligence.com/content/60/troubleshooting-ssl-binding-ssrs
Pedro Salinas-Ruiz comments;
Usually, this happens when you delete a certificate before unbinding it (in my anecdotal experience, anyway). The solution is very simple. You manually delete the binding.
netsh http delete sslcert ipport=0.0.0.0:443
netsh http delete sslcert ipport=[::]:443
That comment explained how the problem came about and gave me the confidence to run the delete commands. New cert could then be added with out error.