SSRS/PBI Report server still linked to old certificate even after binding new certificate

Ayman Achoua 11 Reputation points
2022-07-13T01:29:23.58+00:00

Hello,

I have some trouble changing a certificate for Power BI (or SSRS) Report Server.

The current certificate was due to expire on 12 July 2022, so i had to renew it.

After getting the new certificate, i added it to the MMC console (with private key, verified) and deleted the old certificate.
Next, i went to Report server configuration manager and successfully selected the new certificate and binded it to the web service URL and web portal URL as no errors were shown after i pressed 'Apply'.

But when i came back to the report website for testing, it showed a warning on certificate expiration, and after checking the hash, it seems that the website is still linked to the old certificate.

I tried restarting the service, and also rebooted the server. But, i still have the problem.

Any help would be appreciated.
Windows Server 2016 / SQL Server 2018

Thank you
Ayman

SQL Server Reporting Services
SQL Server Reporting Services
A SQL Server technology that supports the creation, management, and delivery of both traditional, paper-oriented reports and interactive, web-based reports.
2,960 questions
Windows Server Security
Windows Server Security
Windows Server: A family of Microsoft server operating systems that support enterprise-level management, data storage, applications, and communications.Security: The precautions taken to guard against crime, attack, sabotage, espionage, or another threat.
1,874 questions
0 comments No comments
{count} vote

5 answers

Sort by: Most helpful
  1. Joyzhao-MSFT 15,601 Reputation points
    2022-07-13T02:42:42.36+00:00

    Hi @Ayman Achoua ,
    This behavior may have occurred because you deleted the old certificate without unbinding the certificate.

    If you configure a binding with a TLS/SSL certificate in Reporting Services and you later want to remove the certificate from the computer, make sure to remove the binding from Reporting Services before you remove the certificate from the computer. Otherwise, you will be unable to remove the binding by using the Reporting Services Configuration tool or WMI and you will receive an "Invalid parameter" error. If you have already removed the certificate from the computer, you can use the Httpcfg.exe tool to remove the binding from HTTP. SYS.

    TLS bindings are a shared resource in Microsoft Windows. Changes made by Reporting Services Configuration Manager or other tools like IIS Manager can impact other applications on the same computer. It is a best practice to use the same tool to edit bindings that you used to create the bindings. For example if you created TLS bindings using Configuration Manager, then it is recommended you use Configuration Manager to manage the life cycle of the bindings. If you use IIS manager to create bindings, then it is recommended you use IIS manager to manage the life cycle of the bindings.

    Keep these simple steps in mind when renewing a certificate.

    • Do not delete the old certificate until AFTER the old certificate has been unbound.
    • Delete the bindings from the Report Manager Configuration Manager for the "Web Portal URL" first. Delete the bindings from "Web Service URL" second.
    • Add the new bindings to "Web Service URL" third. Add the new bindings to "Web Portal URL" fourth.

    For more information, please refer to: Configure TLS connections on a native mode report server.

    Best Regards,
    Joy


    If the answer is the right solution, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".
    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

    1 person found this answer helpful.

  2. Bala Gopal KANURI 5 Reputation points
    2024-01-08T14:22:54.5466667+00:00

    Hi,

    My issue also similar to the above, I added the new certificate for Power BI (or SSRS) Report Server.

    The current certificate was about to expire on 2nd Feb 2024, so i had to renew it. I have successfully imported the new certificate in the certificate folder and when it comes to Power BI report server configuration manager part, i followed this process clicked on advanvced option and and selected the add option and added the new certificate but i am getting error the error as create certificate binding as shown in below screenshot.how can i resolve this error and add the new certificate which i have imported

    1 person found this answer helpful.

  3. Limitless Technology 39,741 Reputation points
    2022-07-13T15:23:07.2+00:00

    Hi there,

    It is suggested that you review your certificate to make sure it is valid. You can do so following these steps:

    -Right click the start button > Select "Run" > Type in "mmc.exe" and hit enter
    -Click File > Select Add or Remove Snap-ins
    -Select the Certificates snap-in and click add
    -Choose Computer account > Local computer
    -Select OK
    -Browse to the Console Root > Certificates > Personal folder.

    This brings you to the local system's personal store of certificates. Your certificate should be imported here

    I hope this information helps. If you have any questions please let me know and I will be glad to help you out.

    -----------------------------------------------------------------------------------------------------------------------------

    --If the reply is helpful, please Upvote and Accept it as an answer--

    0 comments No comments

  4. ZoeHui-MSFT 38,871 Reputation points
    2022-07-19T08:04:16.3+00:00

    Hi @Ayman Achoua ,

    It seems that the process of your certificate deletion binding is not correct. If you bind a TLS/SSL certificate in Reporting Services and then want to delete it, you need to delete the binding from Reporting Services and then delete the certificate from the computer. If you have removed the certificate from your computer, you can use the Httpcfg.exe tool to remove bindings from HTTP.SYS.

    If you want to know more details, you can refer to this link: https://learn.microsoft.com/en-us/sql/reporting-services/security/configure-ssl-connections-on-a-native-mode-report-server?view=sql-server-ver16.

    Regards,

    Zoe


    If the answer is the right solution, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".

    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

    0 comments No comments

  5. Danilo Ho 0 Reputation points
    2024-12-09T19:01:50.06+00:00

    Hi, I know this thread is old, but to whoever finds this thread, I solved the problem changing the certificate binding with netsh

    First copy the application ID of the bindings with the command: netsh http show sslcert

    User's image

    Then, you can remove with the commands:

    netsh http delete sslcert ipport=0.0.0.0:443

    netsh http delete sslcert ipport=<ip address>:443

    And bind the new certificate:

    netsh http add sslcert ipport=0.0.0.0:443 certhash=<thumbprint of the new certificate> appid={1d40ebc7-1983-4ac5-82aa-1e17a7ae9a0e}

    0 comments No comments

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.