• A working installation of Manuscript On Premises that is accessible over HTTP
  • A valid SSL certificate (can be self signed if your Manuscript domain is the Common Name or Subject Alternate Name)
  • The SSL certificate must be imported to the Manuscript server

Note:  If you will be migrating data from FogBugz For Your Server to Manuscript On Premises, please wait until after your data migration to configure HTTPS.

Enabling Manuscript On Premises to accept HTTPS requests

  1. In IIS Manager, create a binding on the FB GEN ALL site. Use these settings:
    1. Type: https
    2. Port: 443
    3. Host name: your Manuscript domain
    4. Certificate: the SSL certificate you have previously imported
  2. Verify that the binding is working by pointing your web browser to the HTTPS version of the site.
  3. In the appropriate Manuscript trial database (the default for this is trial1), run the following to update the prefix for URL’s in outgoing emails: UPDATE Setting SET sValue = replace(sValue, 'http:', 'https:'WHERE sKey = 'sUrlPrefixEmail';
  4. Go to your site via HTTPS.
  5. Verify that you can load your filters and get the expected results.

Forcing HTTP requests to use HTTPS

  1. Complete the steps above to allow HTTPS connections to your site.
  2. In the registry settings for HKEY_LOCAL_MACHINE/SOFTWARE/Fog Creek Software/FogBugz/<your_install_path>, set the values for fForceHTTPS and fSSLOverride to 1.
  3. Set up IIS to force all HTTP (port 80) requests to be HTTPS (port 443) requests, unless the request is from localhost:
    1. Ensure HTTP Redirection is enabled (Server Manager > Manage > Add Roles and Features > Web Server (IIS) > Web Server > Common HTTP Features > HTTP Redirect)
    2. Configure the FB GEN ALL website to bind on localhost:80 and {your_manuscript_fqdn}:443 (optionally restricting IP Address for :80 and/or :443 or binding on all hosts for :443 depending on the environment).
    3. Create a new website which will redirect {your_manuscript_fqdn}:80 traffic to {your_manuscript_fqdn}:443
      1. Physical path can be the default wwwroot path (or anywhere else on disk that is not the same physical path as your actual Manuscript site)
      2. Bind on {your_manuscript_fqdn}:80
      3. Configure an HTTP Redirect (IIS Manager > {Your redirect site} > IIS > HTTP Redirect) to the HTTPS variant of your Manuscript FQDN
  4. Restart the web server in IIS.
  5. Verify that going to the HTTP version of your site forces you into the HTTPS version.
  6. Verify that you can load your filters and get the expected results.

Configure ElasticSearch to accept your SSL certificate (required if you start seeing errors when searching after following the steps above)

If you use a self-signed certificate or a Certificate Authority that is not automatically trusted by the default Java Trust Store, you’ll need to import your certificate. You’ll know whether this is necessary if, after forcing HTTPS, you receive errors mentioning “Unexpected Search Response” for some filters. To resolve, follow these steps:

  1. Export the certificate from IIS:
    1. FB GEN ALL > Bindings > 443 > Edit
    2. View Certificate > Details tab > Copy to File
    3. Do not export the private key
    4. Export as a Base-64 Encoded X.509 .CER file
  2. Import the certificate to the Java Trust Store:
    1. Open an Admin PowerShell prompt and run the following
    2. keytool -import -v -alias <friendly name> -keystore $Env:JAVA_HOME\jre\lib\security\cacerts -file cert.cer
    3. The default password for the Trust Store is “changeit”
  3. Restart Elastic Search and IIS

Questions? Reach out to us; we’re happy to help!