question

SSRS-VS avatar image
0 Votes"
SSRS-VS asked SSRS-VS edited

I can't open my reports using IP: ERR_CERT_COMMON_NAME_INVALID

have embed my mobile reports in the views of my asp.net project like this:
<object class="responsive-iframe" data="https://localhost/Reports/mobilereport/MyReports/Report1?rs:embed=true"></object>
This works good if I put localhost. But if I want to put the ip of my pc instead:
<object class="responsive-iframe" data="https://192.168.?.?/Reports/mobilereport/MyReports/Report1?rs:embed=true"></object>
the report will not be display and I have this error: net::ERR_CERT_COMMON_NAME_INVALID

122247-imagen.png

I have add a https url, but it don't work:

122207-imagen.png

The localhost domain appear automatically and I can't put an ip. How can I solve this? We want to move the SSRS DB to production in order to allow the web application to connect to the server, and we need to use the IP host machine.

sql-server-reporting-services
imagen.png (52.5 KiB)
imagen.png (50.2 KiB)
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

cthivierge avatar image
0 Votes"
cthivierge answered SSRS-VS edited

When you are calling a HTTPS web site, the remote server will validate the request and the name must match either the certificate common name or one of the SAN (Subject Alternate Name).

That being said, you should always access your website using a name and not an IP address

hth

· 3
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

But what exactly I have to do?
I don't know what I must do. I created an https url, and by default it puts localhost (image below). So what I have to do? Ip, name.... it doesn't matter. I can't connect

0 Votes 0 ·

From what i can see, it's working well if you access your report using either your computer name or the localhost, am i right ?

It is possible to add an IP address to a certificate but it's not recommended. If it's only for testing purpose, you can create another self-signed certificate and add the IP Address as a SAN to the certificate.

the following command should work

(replace the ipaddress with your local ip)

New-SelfSignedCertificate -DnsName "$env:computername", "localhost", 192.168.1.44 -CertStoreLocation "cert:\LocalMachine\My"

then you will have to bind the new certificate using the report server configuration

hth

1 Vote 1 ·

I'm very noob with all this certificate.

1)No, I can't enter using my computer name, only localhost (if I use https)

2) I can see the reports using localhost, name or IP if I write it directly in the browse. The problem is opening inside my web project (?rsembed=true) with https

2)I try this: New-SelfSignedCertificate -DnsName "$env:computername", "localhost", 192.168.1.6 -CertStoreLocation "cert:\LocalMachine\My" and when I want to select the certificated in SSRS configuration manager I get this error:

Microsoft.ReportingServices.WmiProvider.WMIProviderException: El certificado no es de confianza. <<(My traduction: The certificate is not trusted)>>

---> System.Runtime.InteropServices.COMException: Código de error de entrada manuscrita de TabletPC. La propiedad no se encontró o el reconocedor no la admite (Excepción de HRESULT: 0x80040241)
--- Fin del seguimiento de la pila de la excepción interna ---
en Microsoft.ReportingServices.WmiProvider.RSWmiAdmin.ThrowOnError(ManagementBaseObject mo)
en Microsoft.ReportingServices.WmiProvider.RSWmiAdmin.CreateSSLCertificateBinding(String application, String certificateHash, String ipAddress, Int32 port)
en ReportServicesConfigUI.WMIProvider.RSReportServerAdmin.CreateSSLCertificateBinding(UrlApplication app, String certificateHash, String ipAddress, Int32 port)

I mean, people have already do this, isn't? I'm trying to do te test connection in my pc, but lately we will connect to a remote machine where the server will be stored. A lot of people have do this.

0 Votes 0 ·
cthivierge avatar image
1 Vote"
cthivierge answered SSRS-VS edited

Well... a self-signed certificate is never trusted. If you want that your self-signed certificated to be trusted, you must add-it to the "Trusted Root Certification Authorities"

Follow these steps...

  1. Open the certlm.msc console

  2. Navigate to Personal / Certificates

  3. Select the certificate that has the same name for "issued to / issued by". Normally, the name should be your computer account

  4. Right click on the certificate and select All tasks / Export

  5. Click Next and select "No, do not export the private key" and click next

  6. let the default export file format and click next

  7. Select a folder location to export the file (it will be a .cer file)

  8. Click next and Finish

  9. Go back to the certlm.msc console and navigate to Trusted RootCertification Authorities / Certificates

  10. Right click on Certificates and click All Tasks / Import

  11. Click next and select the .cer file you have just exported

  12. Click next / next and finished

  13. Done

After that, go back to your Report Server configuration and repeat the same steps... it should work

hth



· 5
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Thank you so much for your help and pacience.

Now it work. I can open the certificate from configuration manager. Now I open the report from the view of my visual studio project. I put my machine name:

<object class="responsive-iframe" data="https://desktop-55d1qc3/Reports/mobilereport/MyReports/Report1?rs:embed=true"></object>

And I can see the report.
But if I put:

<object class="responsive-iframe" data="https://192.168.1.6/Reports/mobilereport/InversionesFinancieras/Informes/Informe Bonos?rs:embed=true"></object>

the error ERR_CERT_COMMON_NAME_INVALID appear again.

Ok, I could just let desktop-55d1qc3 but I'm afraid that desktop-55d1qc3 is the same as localhost, am I right? I mean, all that we have done will work for remote? Take in mind that all this is a test before move the server to production/remote.

0 Votes 0 ·

If you still want to use your computer name and ip address, you need to make another modification and it's in the reportserver.config file
By default, this file is in the "C:\Program Files\Microsoft SQL Server\MSRSxx.MSSQLSERVER\Reporting Services\ReportServer\reportserver.config"

Within that file, locate the section <URLReservations>

You should see something like <UrlString>https://YouServerName:443</UrlString>

Replace YourServerName for a +
This should look like this after the modification:

<UrlString>https://+:443</UrlString>

When completed, save the file and try again...

Keep in mind that if you want to have a working SSO, you will also have to add the IP address into the Local Intranet Sites (Internet Explorer). If you don't do that, you will be prompted for credentials

hth

0 Votes 0 ·

Didn't work. The error is the same:

122399-imagen.png

122441-imagen.png

122442-imagen.png


0 Votes 0 ·
imagen.png (27.7 KiB)
imagen.png (71.5 KiB)
imagen.png (3.9 KiB)
Show more comments
cthivierge avatar image
0 Votes"
cthivierge answered SSRS-VS commented

In that case, maybe the only choice is to use the name of your computer. But if you use a Self-Signed certificate, your remote computer will have to trust your self-signed certificate (adding the .cer to the Trusted Certification Authorities of the remote computers)

· 1
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

But that name will be accesible for the "client computers"? I mean, what hapen if you have a remote server with same name? How will the browse know to the difference? Thats why I think that the certificate that we created only works in my pc, that is <object class="responsive-iframe" data="https://desktop-55d1qc3/Reports/mobilereport/MyReports/Report1?rs:embed=true"></object> is the same as <object class="responsive-iframe" data="https://localhost/Reports/mobilereport/MyReports/Report1?rs:embed=true"></object>

So if I move the web project to other pc or the SSRS server to other pc, I don't know if will connect to the SSRS server.
I search a lot on google I can't find anything.

0 Votes 0 ·
cthivierge avatar image
0 Votes"
cthivierge answered SSRS-VS edited

If it's only within your local network, you should not have duplicate computer name or you will have other issues, trust me ;)

Certificates are used to secure a connection between your clients and you server. If you are using a self signed certificate on your SSRS Server, you must export the public key (as i explained in a previous post) and import this public key (the .cer file) into the Trusted Root Certificate Authorities store of your client computers.

In your case, the "certificate authority" is the server itself so that's why all of your client computers must trust the self-signed certificate to be able to make a secure connection with the server.

Self-Signed certificate is ok if your in "development" mode on your computer. As soon as you are using a remote server and you have several clients, you should think about using certificates from either a public PKI or by building your internal PKI infrastructure.

Certificates (PKI) is a complex world that i cannot explain in detail in that post but to make a really short explanation... if you have a certificate on a web site that is published by a certificate authority (let say Entrust), all of your clients must trust this certificate authority (Entrust) to be able to make a secure connection with the web site.

hth

· 1
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

By the way.
I want to point that I can acces to http or https localhost, machine name or IP if I write it directly in the browse.
The problems come when I want to open the reprots inside the web project with ?embed=true.
If I use:
http://localhost -> good
http://machine name-> fail
http://ip-> fail
https://localhost -> good
https://machine name-> good
https://ip-> fail

When I use http://localhost it appear an error of mixed protocol (since the aspnet project is https) and convert the embeded url to https. But it cannot with IP.

What I mean is that somehow the problems comes with ?embed=true (and must be embeded since my boss don't want the client to leave the app on a new windows)

0 Votes 0 ·