I can't open my reports using IP: ERR_CERT_COMMON_NAME_INVALID

Question

I can't open my reports using IP: ERR_CERT_COMMON_NAME_INVALID

SSRS-VS 46

have embed my mobile reports in the views of my asp.net project like this:
<object class="responsive-iframe" data="https://localhost/Reports/mobilereport/MyReports/Report1?rs:embed=true"></object>
This works good if I put localhost. But if I want to put the ip of my pc instead:
<object class="responsive-iframe" data="https://192.168.?.?/Reports/mobilereport/MyReports/Report1?rs:embed=true"></object>
the report will not be display and I have this error: net::ERR_CERT_COMMON_NAME_INVALID

I have add a https url, but it don't work:

The localhost domain appear automatically and I can't put an ip. How can I solve this? We want to move the SSRS DB to production in order to allow the web application to connect to the server, and we need to use the IP host machine.

4 answers

Your answer

Answer 1

Charles Thivierge 4,171

Well... a self-signed certificate is never trusted. If you want that your self-signed certificated to be trusted, you must add-it to the "Trusted Root Certification Authorities"

Follow these steps...

Open the certlm.msc console
Navigate to Personal / Certificates
Select the certificate that has the same name for "issued to / issued by". Normally, the name should be your computer account
Right click on the certificate and select All tasks / Export
Click Next and select "No, do not export the private key" and click next
let the default export file format and click next
Select a folder location to export the file (it will be a .cer file)
Click next and Finish
Go back to the certlm.msc console and navigate to Trusted RootCertification Authorities / Certificates
Right click on Certificates and click All Tasks / Import
Click next and select the .cer file you have just exported
Click next / next and finished
Done

After that, go back to your Report Server configuration and repeat the same steps... it should work

hth

SSRS-VS 46 Reputation points

2021-08-11T15:11:46.407+00:00

Thank you so much for your help and pacience.

Now it work. I can open the certificate from configuration manager. Now I open the report from the view of my visual studio project. I put my machine name:

<object class="responsive-iframe" data="https://desktop-55d1qc3/Reports/mobilereport/MyReports/Report1?rs:embed=true"></object>

And I can see the report.
But if I put:

<object class="responsive-iframe" data="https://192.168.1.6/Reports/mobilereport/InversionesFinancieras/Informes/Informe Bonos?rs:embed=true"></object>

the error ERR_CERT_COMMON_NAME_INVALID appear again.

Ok, I could just let desktop-55d1qc3 but I'm afraid that desktop-55d1qc3 is the same as localhost, am I right? I mean, all that we have done will work for remote? Take in mind that all this is a test before move the server to production/remote.
Charles Thivierge 4,171 Reputation points

2021-08-11T15:55:44.77+00:00

If you still want to use your computer name and ip address, you need to make another modification and it's in the reportserver.config file
By default, this file is in the "C:\Program Files\Microsoft SQL Server\MSRSxx.MSSQLSERVER\Reporting Services\ReportServer\reportserver.config"

Within that file, locate the section <URLReservations>

You should see something like <UrlString>https://YouServerName:443</UrlString>

Replace YourServerName for a +
This should look like this after the modification:

<UrlString>https://+:443</UrlString>

When completed, save the file and try again...

Keep in mind that if you want to have a working SSO, you will also have to add the IP address into the Local Intranet Sites (Internet Explorer). If you don't do that, you will be prompted for credentials

hth
SSRS-VS 46 Reputation points

2021-08-11T16:17:41.863+00:00

Didn't work. The error is the same:
Charles Thivierge 4,171 Reputation points

2021-08-11T16:39:12.683+00:00

What is the error you receive ?
SSRS-VS 46 Reputation points

2021-08-11T16:58:28.657+00:00

ERR_CERT_COMMON_NAME_INVALID

The view of my asp-mvc project appear in white. But if i press f12 I can see the error

By the way, I said that I could select the trusted certificated, but when I opened, I have to "accept risk and add the exception". So even I can open (open in the browse, not inside my web project) the "new" https url whit my machine name it says that it's not secure:

Answer 2

Charles Thivierge 4,171

When you are calling a HTTPS web site, the remote server will validate the request and the name must match either the certificate common name or one of the SAN (Subject Alternate Name).

That being said, you should always access your website using a name and not an IP address

hth

SSRS-VS 46 Reputation points

2021-08-11T12:58:09.337+00:00

But what exactly I have to do?
I don't know what I must do. I created an https url, and by default it puts localhost (image below). So what I have to do? Ip, name.... it doesn't matter. I can't connect
Charles Thivierge 4,171 Reputation points

2021-08-11T13:11:23.353+00:00

From what i can see, it's working well if you access your report using either your computer name or the localhost, am i right ?

It is possible to add an IP address to a certificate but it's not recommended. If it's only for testing purpose, you can create another self-signed certificate and add the IP Address as a SAN to the certificate.

the following command should work

(replace the ipaddress with your local ip)

New-SelfSignedCertificate -DnsName "$env:computername", "localhost", 192.168.1.44 -CertStoreLocation "cert:\LocalMachine\My"

then you will have to bind the new certificate using the report server configuration

hth
SSRS-VS 46 Reputation points

2021-08-11T14:08:48.077+00:00

I'm very noob with all this certificate.

1)No, I can't enter using my computer name, only localhost (if I use https)

2) I can see the reports using localhost, name or IP if I write it directly in the browse. The problem is opening inside my web project (?rsembed=true) with https

2)I try this: New-SelfSignedCertificate -DnsName "$env:computername", "localhost", 192.168.1.6 -CertStoreLocation "cert:\LocalMachine\My" and when I want to select the certificated in SSRS configuration manager I get this error:

Microsoft.ReportingServices.WmiProvider.WMIProviderException: El certificado no es de confianza. <<(My traduction: The certificate is not trusted)>>

---> System.Runtime.InteropServices.COMException: Código de error de entrada manuscrita de TabletPC. La propiedad no se encontró o el reconocedor no la admite (Excepción de HRESULT: 0x80040241)
--- Fin del seguimiento de la pila de la excepción interna ---
en Microsoft.ReportingServices.WmiProvider.RSWmiAdmin.ThrowOnError(ManagementBaseObject mo)
en Microsoft.ReportingServices.WmiProvider.RSWmiAdmin.CreateSSLCertificateBinding(String application, String certificateHash, String ipAddress, Int32 port)
en ReportServicesConfigUI.WMIProvider.RSReportServerAdmin.CreateSSLCertificateBinding(UrlApplication app, String certificateHash, String ipAddress, Int32 port)

I mean, people have already do this, isn't? I'm trying to do te test connection in my pc, but lately we will connect to a remote machine where the server will be stored. A lot of people have do this.

Answer 3

Charles Thivierge 4,171

In that case, maybe the only choice is to use the name of your computer. But if you use a Self-Signed certificate, your remote computer will have to trust your self-signed certificate (adding the .cer to the Trusted Certification Authorities of the remote computers)

SSRS-VS 46 Reputation points

2021-08-11T17:33:41.317+00:00

But that name will be accesible for the "client computers"? I mean, what hapen if you have a remote server with same name? How will the browse know to the difference? Thats why I think that the certificate that we created only works in my pc, that is <object class="responsive-iframe" data="https://desktop-55d1qc3/Reports/mobilereport/MyReports/Report1?rs:embed=true"></object> is the same as <object class="responsive-iframe" data="https://localhost/Reports/mobilereport/MyReports/Report1?rs:embed=true"></object>

So if I move the web project to other pc or the SSRS server to other pc, I don't know if will connect to the SSRS server.
I search a lot on google I can't find anything.

Answer 4

If it's only within your local network, you should not have duplicate computer name or you will have other issues, trust me ;)

Certificates are used to secure a connection between your clients and you server. If you are using a self signed certificate on your SSRS Server, you must export the public key (as i explained in a previous post) and import this public key (the .cer file) into the Trusted Root Certificate Authorities store of your client computers.

In your case, the "certificate authority" is the server itself so that's why all of your client computers must trust the self-signed certificate to be able to make a secure connection with the server.

Self-Signed certificate is ok if your in "development" mode on your computer. As soon as you are using a remote server and you have several clients, you should think about using certificates from either a public PKI or by building your internal PKI infrastructure.

Certificates (PKI) is a complex world that i cannot explain in detail in that post but to make a really short explanation... if you have a certificate on a web site that is published by a certificate authority (let say Entrust), all of your clients must trust this certificate authority (Entrust) to be able to make a secure connection with the web site.

hth

SSRS-VS 46 Reputation points

2021-08-11T19:13:35.487+00:00

By the way.
I want to point that I can acces to http or https localhost, machine name or IP if I write it directly in the browse.
The problems come when I want to open the reprots inside the web project with ?embed=true.
If I use:
http://localhost -> good
http://machine name-> fail
http://ip-> fail
https://localhost -> good
https://machine name-> good
https://ip-> fail

When I use http://localhost it appear an error of mixed protocol (since the aspnet project is https) and convert the embeded url to https. But it cannot with IP.

What I mean is that somehow the problems comes with ?embed=true (and must be embeded since my boss don't want the client to leave the app on a new windows)

Share via

I can't open my reports using IP: ERR_CERT_COMMON_NAME_INVALID

4 answers

Your answer