Requirements

  • A working installation of FogBugz On Site that is accessible over HTTP (for FogBugz 8.8.55 and below, see these instructions instead)
  • A valid SSL certificate (can be self signed if your FogBugz domain is the Common Name or Subject Alternate Name)
  • The SSL certificate must be imported to the FogBugz server

Enabling FogBugz On Site to accept HTTPS requests

  1. In IIS Manager, create a binding on the FB GEN ALL site. Use these settings:
    1. Type: https
    2. Port: 443
    3. Host name: your FogBugz domain
    4. Certificate: the SSL certificate you have previously imported
  2. Verify that the binding is working by pointing your web browser to the HTTPS version of the site.
  3. In the appropriate FogBugz trial database (the default for this is trial1), run the following to update the prefix for URL’s in outgoing emails:
    UPDATE Setting SET sValue = replace(sValue, 'http:', 'https:'WHERE sKey = 'sUrlPrefixEmail';
  4. Go to your site via HTTPS.
  5. Verify that you can load your filters and get the expected results.

Forcing HTTP requests to use HTTPS

  1. Complete the steps above to allow HTTPS connections to your site.
  2. In the registry settings for HKEY_LOCAL_MACHINE\SOFTWARE\Fog Creek Software\FogBugz\<your_install_path>, set the values for fForceHTTPS and fSSLOverride to 1.
  3. Set up IIS to force all HTTP (port 80) requests to be HTTPS (port 443) requests, unless the request is from localhost:

    1. Ensure HTTP Redirection is enabled (Server Manager > Manage > Add Roles and Features > Web Server (IIS) > Web Server > Common HTTP Features > HTTP Redirect)
      image1
    2. Configure the FB GEN ALL website to bind on localhost:80 and {your_fogbugz_fqdn}:443 (optionally restricting IP Address for :80 and/or :443 or binding on all hosts for :443 depending on the environment).
      image2
    3. Create a new website which will redirect {your_fogbugz_fqdn}:80 traffic to {your_fogbugz_fqdn}:443
      1. Physical path can be the default wwwroot path (or anywhere else on disk)
      2. Bind on {your_fogbugz_fqdn}:80
        image3
      3. Configure an HTTP Redirect (IIS Manager > {Your redirect site} > IIS > HTTP Redirect) to the HTTPS variant of your FogBugz FQDN
        image4
  4. Restart the web server in IIS.
  5. Verify that going to the HTTP version of your site forces you into the HTTPS version.
  6. Verify that you can load your filters and get the expected results.

(Optional) Configure ElasticSearch to use HTTPS

If you use a self-signed certificate or a Certificate Authority that is not automatically trusted by the default Java Trust Store, you’ll need to import your certificate. You’ll know whether this is necessary if, after forcing HTTPS, you receive errors mentioning “Unexpected Search Response” for some filters. To resolve, follow these steps:

  1. Export the certificate from IIS:
    1. FB GEN ALL > Bindings > 443 > Edit
    2. View Certificate > Details tab > Copy to File
    3. Do not export the private key
    4. Export as a X.509 .CER file
  2. Import the certificate to the Java Trust Store:
    1. Open an Admin PowerShell prompt and run the following
    2. keytool -import -v -alias <friendly name> -keystore $Env:JAVA_HOME\jre\lib\security\cacerts -file cert.cer
    3. The default password for the Trust Store is “changeit”
  3. Restart Elastic Search and IIS

Questions? Reach out to us; we’re happy to help!