Klicke hier für den deutschen Artikel.

Introduction

Configuring SSL for the Report Server in IIS ensures secure data transmission, especially for sensitive information such as passwords or configuration data. Without SSL, this data would be transmitted unencrypted over the network, posing a serious security risk.

This article describes the manual configuration of SSL in the IIS Manager for the Report Server.

Prerequisites

Before starting the setup, the following requirements must be met:

• Access to the IIS Manager with administrative privileges
• A valid SSL certificate, either issued by a Certificate Authority (CA) or generated internally
• Access to the Report Server website in IIS
• Basic knowledge of IIS administration

Procedure

1. Obtain an SSL Certificate

To enable HTTPS, an SSL certificate is required. Such a certificate can be obtained in different ways:

External Certificate Authorities

A certificate can usually be purchased from a trusted Certificate Authority (CA). Well-known providers include:

• DigiCert
• GlobalSign
• Let’s Encrypt (free, requires regular renewal: https://letsencrypt.org/)
• RapidSSL

Internal Certificate Authority

If the organization operates its own Windows Certificate Authority (Active Directory Certificate Services), an internal certificate can also be created. However, this must be manually installed on all clients using the Report Server or distributed via Group Policy (GPO).

Self-Signed Certificates (for testing only)

For testing or development purposes, a self-signed certificate can be used. However, this is not suitable for production use, as it is not signed by an official Certificate Authority and may result in browser security warnings.

2. Install the Certificate in IIS

Once an SSL certificate has been obtained, it must be installed in IIS as follows:

1. Open IIS Manager
   Press Windows Key + R, enter inetmgr, and confirm with Enter.

2. Open Server Certificates

   • In the left tree structure, select the server name.
   • In the center panel, double-click Server Certificates.

3. Import or Create a Certificate

   • If an existing certificate is to be imported, click Import and select the certificate file.
   • If a new certificate is to be created, click Create Domain Certificate and enter the required information.
   • Alternatively, for internal tests, a self-signed certificate can be generated using Create Self-Signed Certificate.

3. Enable HTTPS Binding

To make the Report Server website accessible via HTTPS, an HTTPS binding must be configured:

1. Navigate to the Report Server Website
   In IIS Manager, select the Report Server website in the left tree structure.

2. Open Bindings
   Click Bindings... on the right-hand side.

3. Add a New HTTPS Binding

   • Click Add...
   • For Type, select https
   • Select the previously imported certificate
   • If required, select a specific IP address or leave it as All Unassigned
   • Enter the default HTTPS port (443)
   • Click OK and save the changes

4. Enforce SSL Connection (Recommended)

We recommend enforcing SSL so that unencrypted HTTP requests are automatically redirected to HTTPS:

1. Open SSL Settings

   • In IIS Manager, select the Report Server website
   • In the center panel, double-click SSL Settings

2. Enable SSL

   • Check Require SSL
   • Click Apply to save the changes

3. Redirect HTTP to HTTPS (Recommended)

   • We recommend configuring a redirect so that HTTP requests are automatically forwarded to HTTPS
   • This is done using URL Rewrite Rules in IIS

5. Mixed Mode (Optional Configuration)

If both HTTP and HTTPS are to be used, the so-called mixed mode can be configured:

• Set up both an HTTP and an HTTPS binding in parallel
• On the application side, SSL can be enforced for specific pages by using the RequireHttps attribute in ASP.NET MVC
• More information is available here: https://stackoverflow.com/questions/1639707/asp-net-mvc-requirehttps-in-production-only