Question

I m trying to configure SSRS with SSL, when I try to add my SSL Cert via Reporting Services Configuration Manager, I get the following error; Microsoft.ReportingServices.WmiProvider.WMIProviderException: An HTTPS binding already exists for the specified IP address and port combination. The existing binding uses a different certificate from the current request. Only one certificate can be used for each IP address and port combination. To correct the problem, either use the same certificate as the existing binding, or remove the existing SSL binding and create a new binding using the certificate of the current request.

There are no existing Certs in Web Service URL or Web Portal URL configuration, so went hunting... I found out SSRS SSL will bind to ipport=0.0.0.0:443

When I run; netsh http show sslcert ipport=0.0.0.0:443

我确实发现有ert;

IP:port                      : 0.0.0.0:443
Certificate Hash             : 37ae2ab1e2968f04bacdcb43e1ce3597da208b8d
Application ID               : {4dc3e181-e14b-4a21-b022-59fc669b0914}
Certificate Store Name       : My
Verify Client Certificate Revocation : Enabled
Verify Revocation Using Cached Client Certificate Only : Disabled
Usage Check                  : Enabled
Revocation Freshness Time    : 0
URL Retrieval Timeout        : 0
Ctl Identifier               : (null)
Ctl Store Name               : (null)
DS Mapper Usage              : Disabled
Negotiate Client Certificate : Disabled
Reject Connections           : Disabled
Disable HTTP2                : Not Set

I tried finding out more info about this cert via various powershell commands, but I cant find any reference to it. I searched results from following; netsh http show sslcert

<编码> Get-Child 项目 Cert: -Recurse

certutil -store My certutil -store Root certutil -store Trust certutil -store CA certutil -store Request certutil -store OtherPeople certutil -store AuthRoot certutil -store TrustedPeople

I searched entire registry for the Certificate Hash but nothing. I searched for the hash using MMC, in Local Computer and Current User

I know I can run;
netsh http delete sslcert ipport=0.0.0.0:443 to clear the error, but I m scared I m going to break somehting. I m out of my expertiese depth at this point. This server is running sql server 2016, IIS serving about 10 websites, Sql Server Reporting Services and several other critical business services. Is part of a Windows Domain running on Azure.

我怀疑这种ert子是否属于发展账户的一个仓库?

How can I find information on this cert like Expiry Date, issuing Authority, etc so I can have more confidence that it can be safely removed? Or am I being over-cautious... if I delete and then immediatley replace the cert binding to ipport=0.0.0.0:443, would this be ok?

感谢。

Answer 1

我已经解决这个问题。我发现以下联系:

https://businesswintelligence.com/content/60/troubleshooting-ssl-binding-ssrs

Pedro Salinas-Ruiz comments;
Usually, this happens when you delete a certificate before unbinding it (in my anecdotal experience, anyway). The solution is very simple. You manually delete the binding.

netsh http delete sslcert ipport=0.0.0.0:443
netsh http delete sslcert ipport=[::]:443

该评论解释了问题是如何产生的,并赋予我管理删除指令的信心。之后,可以加上出错。

友情链接