If your Reporting Services is available over the Internet, you shouldn't even consider putting it out without requiring SSL, otherwise your username and password will be exposed without encryption. That's often easier said than done, especially because a certificate authenticated by a trusted authority is expensive and most companies don't want to purchase a certificate for every development/staging/QA server in their environment. While you can generate your own certificates with a server that has the Certificate Authority services installed, such certificates are not considered fully trusted because they haven't being issued by a trust authority going all the way to “the root”. You might recall that if a browser detects a certificate that's not totally kosher (it could be expired, issued to a different computer or issued by a non-trusted authority), it pops up a dialog and gives you the option to use or not use the certificate.
If you use such certificate with Report Server, it's likely that you will get this error:
The underlying connection was closed: Could not establish trust relationship with remote server.
This error is common if a client application calls a web service via SSL and the certificate is not fully trusted. Even though you generated a certificate on the same network, the full trust is missing because your certificate server is not trusted by a root authority. If you're using a custom client application, you can use the workaround described in the Q823177 article and implement the ICertificatePolicy such that the CheckvalidationResult method always validates the certificate. This workaround doesn't help you though if you're using Report Manager because you can't really modify the source code in the application. But luckily there is another workaround that I discovered after many hours of trial and error - Reporting Services will use a certificate if it was generated on the SAME server where the IIS part of RS is running. So if you run into this problem, install the Certificate Authority component on the IIS server and use a certificate generated by that service.
Next week I'll discuss additional issues you may run into when using SSL with Reporting Services.