none
Cannot update SSL certificate for SQL 2k8 R2 SSRS

    Question

  • We have a SSL certificate bound to 443 for the Web Service URL.  It's going to expire in a month.  So I attempted to change the bindings to use a new certificate.  I get the following error and details:

    Create certificate binding.
    We were unable to create the certificate binding.

    Reserving url https://+:443
    The url was successfully reserved.

    Microsoft.ReportingServices.WmiProvider.WMIProviderException: An SSL binding already exists for the specified IP address and port combination.  The existing binding uses a different certificate from the current request. Only one certificate can be used for each IP address and port combination. To correct the problem, either use the same certificate as the existing binding, or remove the existing SSL binding and create a new binding using the certificate of the current request.

     ---> System.Runtime.InteropServices.COMException (0x80040238): Exception from HRESULT: 0x80040238
       --- End of inner exception stack trace ---
       at Microsoft.ReportingServices.WmiProvider.RSWmiAdmin.ThrowOnError(ManagementBaseObject mo)
       at Microsoft.ReportingServices.WmiProvider.RSWmiAdmin.CreateSSLCertificateBinding(String application, String certificateHash, String ipAddress, Int32 port)
       at ReportServicesConfigUI.WMIProvider.RSReportServerAdmin.CreateSSLCertificateBinding(UrlApplication app, String certificateHash, String ipAddress, Int32 port)

    I tried several different attempts including unbinding port 443 altogether and the same error occurs.  I am able to roll back to the original certificate.

     


    The Computer Shogun
    Sunday, March 06, 2011 2:51 AM

Answers

  • Hi Jaxdagger,

    Open the Reporting Services configuration tool, stop and start the services in the Instance page. Then, go to the Web Sevice URL page and select the certificate you want and apply the setting.

    thanks,
    Jerry

    Tuesday, March 08, 2011 10:24 AM

All replies

  • Hi,

    Can you check  private key is included properly in the certificate... maybe the former certificate export hadn't selected "enable export"


    Regards, PS
    Sunday, March 06, 2011 5:04 AM
  • Hi Jaxdagger,

    Open the Reporting Services configuration tool, stop and start the services in the Instance page. Then, go to the Web Sevice URL page and select the certificate you want and apply the setting.

    thanks,
    Jerry

    Tuesday, March 08, 2011 10:24 AM
  • I am doing the same thing and I get the same error as the OP stated. stopping and starting the instance as suggested does not help. when I select the new SSL cert after doing that it still returns the same error - Create certificate binding. We were unable to create the certificate binding.
    • Edited by am777 Wednesday, December 07, 2011 3:09 AM
    Wednesday, December 07, 2011 3:08 AM
  • I found this - http://thinknook.com/ssrs-ssl-certificate-nightmare-2011-06-28/ it says to do this -

    netsh http delete sslcert ipport=[::]:443

    which would help remove/delete the existing binding but it is for Windows 2008 OS,

    the commands don't work in Win 2003, which is what i have..... so am still stuck 

    Wednesday, December 07, 2011 3:25 AM
  • ok spoke to a friend who had faced this issue in the past and he had to open a MS support case to get the fix, so here's the fix for windows 2003 -

    you need to use httpcfg (from Windows 2003 Support Tools) to delete/remove the "rogue" binding that does not get removed by the reporting services config tool.....

     

    first i did a query, it showed me the rogue binding -

     

     

    C:\>httpcfg query ssl

        IP                      : 0.0.0.0:443

        Hash                    : xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

        Guid                    : xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

        CertStoreName           : (null)

        CertCheckMode           : 0

        RevocationFreshnessTime : 0

        UrlRetrievalTimeout     : 0

        SslCtlIdentifier        : (null)

        SslCtlStoreName         : (null)

        Flags                   : 0

    ------------------------------------------------------------------------------

     

    so then i deleted it -

     

    C:\>httpcfg delete ssl /i 0.0.0.0:443

    HttpDeleteServiceConfiguration completed with 0.

     

    after doing this i was able to select and add the new ssl cert thru the config tool.

     

     

    • Proposed as answer by Naomi N Wednesday, December 07, 2011 4:13 AM
    Wednesday, December 07, 2011 4:06 AM
  • This worked for me. Thank you very much.
    Saturday, January 04, 2014 6:24 PM