Skip to main content

Generate Self-signed SSL Certificate for SSRS

Overview

Netwrix Auditor uses SQL Server Reporting Services (SSRS) to generate reports. In environments with Netwrix Auditor and SSRS installed on different servers, you should use a secure communication channel. This article covers the steps to generate self-signed certificates to use in SSRS.

Instructions

NOTE: If your self-signed certificate expires, it is reissued upon a reboot.

Refer to the following steps to generate a self-signed certificate:

  1. On your SSRS server, run an elevated PowerShell instance.

  2. Create a new certificate in the local My store and save the created certificate to a variable for further export:

$Certificate = New-SelfSignedCertificate -CertStoreLocation cert:\LocalMachine\My -dnsname "%server_name%""

Replace %server_name% with the FQDN of your SSRS server.

  1. Run the following line to specify the target path for the certificate:
$file="C:\temp\cert_for_ssrs.pfx"

IMPORTANT: The target folder should exist.

  1. Run the following line to specify the password for the certificate:
$pwd=ConvertTo-SecureString "%CERTIFICATE_PASSWORD%" -asplainText -force

Copy the certificate password for future steps.

  1. Run the following lines to import the certificate to the trusted certificate store. Export the certificate using the previously created variable:
Export-PFXCertificate -Cert $Certificate -FilePath $file -Password $pwd
Import-PfxCertificate -FilePath $file cert:\LocalMachine\root -Password $pwd
  1. Copy the certificate file to the Netwrix Auditor host server. Run the following line in an elevated Powershell instance to specify the path to the certificate:
$file="C:\temp\cert_for_ssrs.pfx"

Replace the placeholder path with an actual path.

  1. Run the following lines to import the certificate to the trusted certificate store on the Netwrix Auditor server.
$pwd=ConvertTo-SecureString "%CERTIFICATE_PASSWORD%" -asplainText -force
Import-PfxCertificate -FilePath $file cert:\LocalMachine\root -Password $pwd

Replace the %CERTIFICATE_PASSWORD% placeholder with an actual password.

  1. Import the certificate to all Netwrix Auditor client servers. Perform steps #6 and #7 on all Netwrix Auditor clients.

NOTE: If you deploy new Netwrix Auditor clients, deploy this certificate on all new servers.