Certify the Web Script to Update SQL Reporting Services

# Certify the Web passes $result automatically - no cert lookup needed
$thumbprint = $result.ManagedItem.CertificateThumbprint.ToLower()




$ssrsServerName = (Get-WmiObject -namespace root\Microsoft\SqlServer\ReportServer -class __Namespace | 
    Select-Object -First 1).Name

$wmiName = (Get-WmiObject -namespace root\Microsoft\SqlServer\ReportServer -Filter "Name='$ssrsServerName'" -class __Namespace).Name
$version = (Get-WmiObject -namespace root\Microsoft\SqlServer\ReportServer\$wmiName -class __Namespace).Name
$rsConfig = Get-WmiObject -namespace "root\Microsoft\SqlServer\ReportServer\$wmiName\$version\Admin" -class MSReportServer_ConfigurationSetting

$applications = @('ReportServerWebApp', 'ReportManager', 'ReportServerWebService')

$bindings = $rsConfig.ListSSLCertificateBindings(1033)
$httpsPort = 443
$ipAddress = "0.0.0.0"

# Read port from existing IPv4 binding if present
if ($bindings -and $bindings.Application) {
    for ($i = 0; $i -lt $bindings.Application.Count; $i++) {
        if ($bindings.Application[$i] -eq 'ReportServerWebService' -and $bindings.IPAddress[$i] -eq '0.0.0.0') {
            $httpsPort = $bindings.Port[$i]
        }
    }

    # Remove only IPv4 bindings for our target applications
    $allThumbs = $bindings.CertificateHash | Where-Object { $_ } | Select-Object -Unique
    foreach ($thumb in $allThumbs) {
        foreach ($app in $applications) {
            $rsConfig.RemoveSSLCertificateBindings($app, $thumb, $ipAddress, $httpsPort, 1033) | Out-Null
        }
    }
}

# Bind new cert to IPv4 only
foreach ($app in $applications) {
    $r = $rsConfig.CreateSSLCertificateBinding($app, $thumbprint, $ipAddress, $httpsPort, 1033)
    if ($r.HRESULT -ne 0) { throw "Failed to bind $app : HRESULT $($r.HRESULT)" }
}

Write-Host "SSRS SSL certificate updated successfully."
1 Star2 Stars3 Stars4 Stars5 Stars (No Ratings Yet)
Loading...

Powered by WordPress | Made with ❤ by Themely