Configure Reporting Services to Use a Subject Alternative Name
Applies To: SQL Server 2016
This topic explains how to configure Reporting Services (SSRS) to use a subject alternative name (SAN) by modifying the rsreportserver.config file and using the Netsh.exe tool.
|Applies to: Reporting Services Native mode|
The instructions apply to the Reporting Service URL as well as a Web Service URL.
To use a SAN, the SSL certificate must be registered on the server, signed, and have the private key. You cannot use a self-signed certificate
URLs in Reporting Services can be configured to use an SSL certificate. A certificate normally has just a subject name, which allows only one URL for an SSL (Secure Sockets Layer) session. The SAN is an additional field in the certificate that allows an SSL service to listen and be valid for many URLs, and to share the SSL port with other applications. The SAN looks something like the following: www.s2.com.
For more information about SSL settings for Reporting Services, see Configure SSL Connections on a Native Mode Report Server.
Start Reporting Services Configuration Manager.
For more information, see Reporting Services Configuration Manager (Native Mode).
On the Web Service URL page, select an SSL port and SSL Certificate.
The configuration manager registers the SSL certificate for the port.
Open the rsreportserver.config file.
For SSRS Native mode, the file is located by default in the following folder.
\Program Files\Microsoft SQL Server\MSRS11.MSSQLSERVER\Reporting Services\ReportServer
Copy the URL section for the Report Server Web Service application.
For example, the following is the original URL section.
<URL> <UrlString>https://localhost:443</UrlString> <AccountSid>S-1-5-20</AccountSid> <AccountName>NT Authority\NetworkService</AccountName> </URL>
The following is the modified URL section.
<URL> <UrlString>https://www.s1.com:443</UrlString> <AccountSid>S-1-5-20</AccountSid> <AccountName>NT Authority\NetworkService</AccountName> </URL> <URL> <UrlString>https://www.s2.com:443</UrlString> <AccountSid>S-1-5-20</AccountSid> <AccountName>NT Authority\NetworkService</AccountName> </URL>
Save the rsreportserver.config file.
Start a command prompt as an administrator, and run the Netsh.exe tool.
Switch to the http context by typing the following.
Show the existing urlacls by typing the following.
Netsh http>show urlacl
An entry such as the following appears.
Reserved URL : https:// www.s1.com:443/ReportServer/ User: NT SERVICE\ReportServer Listen: Yes Delegate: No SDDL: D:(A;;GX;;;S-1-5-80-1234567890-123456789-123456789-123456789-1234567890)
An urlacl is a DACL (Discretionary Access Control List) for a reserved URL.
Create a new entry for the subject alternative name, with the same user and SDDL as the existing entry, by typing the following.
netsh http>add urlacl url=https://www.s2.com:443/ReportServer user="NT Service\ReportServer" sddl=D:(A;;GX;;;S-1-5-80-1234567980-12346579-123456789-123456789-1234567890)
On the Report Server Status page of the Reporting Services Configuration Manager, Click Stop and then click Start to restart the report server.
RsReportServer.config Configuration File
Reporting Services Configuration Manager (Native Mode)
Modify a Reporting Services Configuration File (RSreportserver.config)
Configure Report Server URLs (SSRS Configuration Manager)