Hi, I need some help on getting an SSL certificate for SQL Server Reporting Services. I've been trying to get it working but I find that the certificates that I import into the certificate store do not have a private key and therefor will not bind in Reporting Services. I have scoured the Internet in every which way and to my surprise, there seems to be no up to date directions for requesting and loading a certificate for an encrypted connection in the modern (post IIS) SSRS. I have been using the below process to create a csr which the security team uses to create a certificate.
Is the below process missing a step? If so what, if not, how do I bring the certificate that is issued to me into the certificate store so that it includes a private key?
I just can't seem to grap the process in any of the available documentation. Appreciate any help.
1. Open the management console (click Start > Search programs and files > mmc.msc).
2. Open your Local Computer certificates (click File > Add/Remove Snap-in... > Certificates > Computer account > Next > Local computer > Finish).
3. Select Certificates (Local Computer) > Personal > Certificates.
4. With the Certificates folder for the Local Computer highlighted, click Action > All Tasks > Advanced Operations > Create Custom Request. This will open the Certificate Enrollment wizard.
5. In the Certificate Enrollment wizard:
6. On the Select Enrollment Policy screen, under Custom Request, select Proceed without enrollment policy and click Next.
7. On the Custom request screen, for template, choose "(No template) Legacy key" from the drop-down menu, and leave "Suppress default extensions" unchecked.
8. For Request format, select PKCS#10.
9. Click Next.
10. On the Certificate Enrollment screen, click Details, then click Properties. This will open a Certificate Properties dialog box.
11. On the General tab, enter a Friendly name and Description for your certificate.
12. On the Subject tab
13. Select Common Name from the Type menu, enter your fully qualified DNS name for the value, and click "Add >".
14. Optionally, add Subject Alternative name values, if you need them.
15. On the Extensions tab
16. Expand "Key usage" and add "Digital signature" to the selected options, and verify that "Make these key usages critical" is checked.
17. Expand "Extended Key Usage (application policies)" and add "Server Authentication" and "Client Authentication" to the selected options, and verify that "Make the Extended Key Usage critical" is checked.
18. On the Private Key tab
19. Expand Cryptographic Service provider and uncheck "Microsoft Strong Cryptographic Provider (Signature)".
20. Check box for "Microsoft RSA Schannel Cryptographic Provider"
21. Expand Key Options and select "2048" from the Key size drop-down menu.
22. PK use: Exchange
23. If you will need to export the certificate to use on another host, select "Make private key exportable".
24. Click OK.
25. On the Certificate Enrollment screen, click Next.
26. Enter a file name for your CSR (e.g. certname.req), click Enter
27. Select "Base 64" as the File Format.
28. Click Finish.