question

SSRS-VS avatar image
0 Votes"
SSRS-VS asked BruceZhang-MSFT answered

How to configure SSL (HTTPS) certificates to see embeded SSRS reports inside a view of an asp-mv.net project

I have an asp-mvc.net project with visual studio. In the views I embeded the reports with the url to the SSRS web portal like this:

122569-imagen.png

Using html object tag and adding ?rs:embed=true

This worked good while I just connect to localhost. But when I wanted to change "localhost" for the IP of my pc (take in mind that this is a test, since lately we want to move the SSRS server and the reports to production/remote pc) the view of my web app appear in white. I then press F12 to know what is happening in the browse and it show an error of mixed protocols because the visual studio project is HTTPS and the URL of the reports is HTTP. For localhost, the browse make a transformation an convert the url from http to https. Ok.


122644-imagen.png


But if instead of localhost I write my IP, the browse will not convert the url to https and will block the report:

122596-imagen.png


Ok. Then I go to SSRS configuration manager and I create a HTTPS url:

122662-imagen.png

Then change the URL of my reports to https:

122606-imagen.png

Now I run my project and open the views. If the url is localhost, the error of converting from http to https disappear and continue to show correctly the reports embeded. But If I change localhost for my IP:

122538-imagen.png

Nothing will appear, the view will be white. Ok, I press F12 and see what the browse says:

FIREFOX: SSL_ERROR_BAD_CERT_DOMAIN
EDGE: ERR_NAME_NOT_RESOLVED
CHROME: ERR_CONNECTION_TIMED_OUT

122579-imagen.png
122634-imagen.png

And I'm blocked here. I don't know what to do. I tried to create my own certificate with New-SelfSignedCertificate -DnsName "$env:computername", "localhost", 192.168.1.27-CertStoreLocation "cert:\LocalMachine\My" and even imnporting to certlm.msc console and navigate to Trusted RootCertification Authorities / Certificates. From ssrs configuration manager appear the new certificate, but the error message SSL_ERROR_BAD_CERT_DOMAIN/ERR_NAME_NOT_RESOLVED continues when I run the project.

Yes, I also try using the name of my machine instead of my IP, but it don't work since it's the same as localhost. It work good if I run locally the project. But If I want to connect from other machine (like virtual box) will not work using the name or IP.

I even try to change the file rsreportser.config and change the domain names by +:443 and nothing:

122540-imagen.png


More information: If I write the URL directly in the browse (even in virtual box!!) with http : http://192.168.1.27/Report/mobilereport/Myreports/Report1 it will work good. But if I write the url with https: https://192.168.1.27/Report/mobilereport/Myreports/Report1 in the browse (my pc or virtual box) it will appear an advise message of risk.

122686-imagen.png

I accept the risk and add the exception and then it will redirect to a page where says: "HTTP Error 404. The requested resource is not found".

122725-imagen.png

This happen if I write the url directly in the browse. If it's in the embeded url in my web project view the view will appear in white.
If I write directly https://localhost/Report/mobilereport/Myreports/Report1 or https://mydomain/Report/mobilereport/Myreports/Report1 wich are this ones:

122771-imagen.png

it works good (on my pc, in virtual box only works: http://192.168.1.27/Report/mobilereport/Myreports/Report1). The localhost:443 refers to the IIS Express Development Certificate that appear by default in the SSRS configuration manager. The mydomain:443 it's the one I created with the comand: New-SelfSignedCertificate -DnsName "$env:computername", "localhost", 192.168.1.27-CertStoreLocation "cert:\LocalMachine\My" and then imnported to certlm.msc console / Trusted RootCertification Authorities / Certificates

In virtual box only works: http://192.168.1.27/Report/mobilereport/Myreports/Report1 ;;;; http://mydomain/Report/mobilereport/Myreports/Report1 or any url with https don't work. But remember that inside my web project I can't use http://192.168.1.27/Report/mobilereport/Myreports/Report1 due to mixed protocols.

I know the post is too long, but I wanted to give you all the information in order to make it easy.

Somebody knows how to solve this? Has anyone tried to embed reports inside a visual studio project? How I must configurate a SSL/HTTPS certificate to allow connections? How I create a SSL certificate for coneccting to SSRS server via HTTPS?









sql-server-reporting-serviceswindows-server-iisdotnet-aspnet-generaldotnet-aspnet-mvc
imagen.png (2.5 KiB)
imagen.png (28.1 KiB)
imagen.png (20.3 KiB)
imagen.png (245.2 KiB)
imagen.png (2.5 KiB)
imagen.png (2.4 KiB)
imagen.png (37.2 KiB)
imagen.png (119.4 KiB)
imagen.png (27.5 KiB)
imagen.png (105.9 KiB)
imagen.png (22.5 KiB)
imagen.png (35.9 KiB)
imagen.png (36.0 KiB)
imagen.png (12.7 KiB)
· 4
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

As explained in your other thread, the SSL certificate contains the issued to name. You configured "localhost" and the reason the IP address and mydomain causes a security warning. The URL domain does not match "localhost".


The 404 error can be to due not reserving the URL correctly in the configuration manager. Try removing all reservations then reconfiguring the reservations. Of course, fix the certificate first.


0 Votes 0 ·

I still don't get it " You configured "localhost" and the reason the IP address and mydomain causes a security warning. The URL domain does not match "localhost" ". Then how should I have created the SSL? I'm very new with all this about SSL and https certificates.

With the reservations I made a disaster at first, because I created a lot of certificated with the same name of my machine. But I delete all in power shell an rsreportreserver.config. Then I created again (using default IIE certificate and the one I created using New-SelfSignedCertificate -DnsName "$env:computername", "localhost", 192.168.1.27-CertStoreLocation "cert:\LocalMachine\My"). But I don't know what I did wrong. I mean, I create a certificate, and then it appear in the drop down:

122823-imagen.png
122835-imagen.png

I just select it. This is how you reserv url, isn't? Or I'm missing something?

I repeat this process in two different pc and it happen the same: 1) https://192.168.1.27 not secure 2)accept risk 3) "HTTP Error 404. The requested resource is not found".

0 Votes 0 ·
imagen.png (24.4 KiB)

Certificates identify the site and provide encryption. Typically, the certificate comes from a certificate authority in response to a certificate signing request (CSR). The CSR process contains information like the common name (CN), country, organization, etc. This is information you provide to the certificate authority. For web sites, the CN is the domain name. Take a look at this site's certificate; CN = docs.microsoft.com.

The certificate is valid when the host name in the URL matches the CN.

You created a self-signed certificate, named the CN "localhost", then tried to access the site by IP which caused the browser warning.

This is how you reserv url, isn't?

The reporting services configuration manager reserves the URL and port.

There can be other issues with your configuration that we cannot see like having IIS and reporting services on the same machine. IIS might already have a site bound to the same and port; 443.


0 Votes 0 ·
Show more comments
BruceZhang-MSFT avatar image
0 Votes"
BruceZhang-MSFT answered BruceZhang-MSFT commented

Hi @SSRS-VS ,

I researched your issue and found some points.

First. From data of object I can know that it point to localhost, which means both Report Server Configuration Manager and application are on same machine. Projects in VS are generally https by default. If the url pointed to by the object is not in the same host (usually the URL is full: http://xxx.xx/yyy) and it is an http request, this will cause insecure information to appear in the browser. However, if the url is in the same host or use a relative URL(data="/yyy"), no error will be reported.

So this can explain why you use localhost, vs will not convert http to https. When you use IP, vs believes that the content in the object and application are on different hosts, and automatically converts http to https for security.

Second. The IP is not 192.... If another machine wants to access your machine, it should use IP 192..... But now, the request is send by machine to itself. It should be 127.0.0.1. So change it to 127.0.0.1 and try again. Otherwise set reporting services on another machine.

Third. The command you used to create certificate is wrong. Please refer to this docs about correct command. IP should not be the name and this make browser cannot distinguish.

 New-SelfSignedCertificate -DnsName "www.fabrikam.com", "www.contoso.com" -CertStoreLocation "cert:\LocalMachine\My"




If the answer is helpful, please click "Accept Answer" and upvote it.

Note: Please follow the steps in our  documentation  to enable e-mail notifications if you want to receive the related email notification for this thread.

Best regards,
Bruce Zhang









· 2
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

I try https://127.0.0.1 and didn't work (ERR_NAME_NOT_RESOLVED).
Yes, SSRS and VS are in the same pc because we need to make test before move the SSRS server to production host.

I try this command: New-SelfSignedCertificate -DnsName "www.fabrikam.com", "www.contoso.com" -CertStoreLocation "cert:\LocalMachine\My" but it says it not secure and redirect me to "https://www.microsoft.com/es-es/" (in VS will appear an error). What should I write instead of "www.fabrikam.com", "www.contoso.com" ? I mean, I don't see in this command any IP parameter. If intead of "www.fabrikam.com", "www.contoso.com" I write www.mydomain.com how will relate that with my IP? How will VS in other pc connect to the SSRS?

Sorry about this, as I said I have only know a few concepts about how create SSL certificate. I'm bloqued with this for 3 days

0 Votes 0 ·

Hi @SSRS-VS ,

Did you try to use a relative URL? For example data="/reports/mobilereport/....".

The command I post is an example in docs. Maybe this make you misunderstand. "-DnsName" means sites using those domain will be protected by certificate. Due to I don't know your domain, I directly quoted the example in the document. The first domain of "-DnsName" means the issuer of this certificate. So it should be the domain you used to access the site. Don't forget to add it in hosts file. Otherwise if you still use https://localhost, it will still report unsecurity.

If I run the example command to create certificate. You can see that issuer is fabrikam. Sites using fabrikam and contoso will be protected and they are security.
123054-2021-08-13-164618.jpg
123055-2021-08-13-164636.jpg


0 Votes 0 ·
SSRS-VS avatar image
0 Votes"
SSRS-VS answered SSRS-VS edited

I found a way to solve this use: using http and allow in the browse site configuration to allow insecure content like this:
https://experienceleague.adobe.com/docs/target/using/experiences/vec/troubleshoot-composer/mixed-content.html?lang=en
But this is not correct, isn't?

5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

BruceZhang-MSFT avatar image
0 Votes"
BruceZhang-MSFT answered

Hi @SSRS-VS ,

If you can ensure that the content in the object is safe, you can do that. But it is still not recommended. The more troublesome thing is that when other clients visit, you need to tell them how to set up their browsers to allow insecure content.

The best practice is to convert http to https. Or use https proxy.

Use a proxy to get insecure content, and then package the insecure content into the page.

There are multiple ways to configure https proxy. You can build your own server such as IIS as a proxy, or you can use the services of other providers as a proxy. Regarding https proxy, you can refer to this.

If the above two methods are not what you want, the last method is to abandon https and use http.



If the answer is helpful, please click "Accept Answer" and upvote it.

Note: Please follow the steps in our  documentation  to enable e-mail notifications if you want to receive the related email notification for this thread.


Best regards,
Bruce Zhang






5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.