Recently, I've been working on creating a basic reporting infrastructure. For simplicity's sake, we're leveraging Log Shipping on a relatively small application database using SQL Server 2008 R2. (Note: since this second instance is in active use, a second SQL Server license is required.)
Since we have a server naming convention that states if the server's role is replaced, the new host must have a different name, I want to make that transition transparent in the future. I thought, let's leverage CNAMEs. I created a new CNAME record in our internal DNS and aliased the actual host name.
Now, we wanted to force clients to only use HTTPS when connecting to SSRS, so I needed to get a certificate issued and installed and setup bindings. Since this is for internal use and we have an Enterprise CA deployed, it was just a matter of requesting a certificate, except that I couldn't request a certificate based on the Web Server properties via the Computer certificate store.
|Certificate Templates on my Enterprise Certificate Authority|
A quick hop over the the CA to adjust the security permissions to add Domain Computers for enrollment and I could request what I needed.
|Adjusting security permissions for enrollment|
And now I can finally get what I need:
|Initiate a certificate request from the local Computer certificate store|
|Selecting a Web Server certificate|
|Adding my CNAME and SANs|
Post a Comment