Setting up (Optional/Required) SSL for FogBugz for Your Server (FBFYS)



This article details the process of configuring FogBugz 8.8.55 for Windows to be accessible only via SSL (HTTPS) on IIS 6 and IIS 7.

Here’s how to set up FogBugz 8.8.55 for Windows to be accessible only via SSL (HTTPS). We also have details on how to similarly configure FogBugz On Site


FogBugz 8.8.55 for Windows

IIS 6, IIS 7




See the TechNet documentation for requiring SSL:


1: Open IIS Manager and navigate to the level you want to manage. For information about opening IIS Manager, see Open IIS Manager (IIS 7). For information about navigating to locations in the UI, see Navigation in IIS Manager (IIS 7).


2: In Features View, double-click SSL Settings.


Make sure that you are at the site, application, or directory level; SSL Settings are not available at the Server level. To configure SSL at the file level, navigate to the file in Content View and then click Switch to Features View in the Actions pane.


3: On the SSL Settings page, select Require SSL.


4: In the Actions pane, click Apply.



Configuring Your Web Server for SSL

 To enable SSL in IIS, you must first obtain a certificate that is used to encrypt and decrypt the information that is transferred over the network. IIS includes its own certificate request tool that you can use to send a certificate request to a certification authority. This tool simplifies the process of obtaining a certificate. If you use Apache, you must obtain the certificate manually. 

In both IIS and Apache, you receive a certificate file from the certification authority, which you must configure on the computer. Apache reads the certificate from its source file by using the SSLCACertificateFile directive. However, in IIS, you can configure and manage certificates by using the Directory Security tab of the Web site or folder properties. 

You can migrate certificates from Apache to IIS; however, Microsoft recommends that you re-create or obtain a new certificate for IIS. 


Configure Folder or Web Site to Use SSL/HTTPS

This procedure assumes that your site has already had a certificate assigned to it.

  1. Log in to the Web server computer as an administrator.
  2. Navigate to Start > Settings > Control Panel.
  3. Double-click Administrative Tools, and then double click Internet Services Manager.
  4. Select the Web site from the list of different served sites in the left pane.
  5. Right-click the Web site, folder, or file for which you want to configure SSL communication, and then click Properties.
  6. Click the Directory Security tab.
  7. Click Edit.
  8. Click Require secure-channel (SSL) if you want the Web site, folder, or file to require SSL communications.
  9. Click Require 128-bit encryption to configure 128-bit (instead of 40-bit) encryption support.
  10. To allow users to connect without supplying their own certificate, click Ignore client certificates.
    • Optionally, to allow a user to supply their own certificate, use Accept client certificates.
  11. To configure client mapping, click Enable client certificate mapping, and then click Edit to map client certificates to users. 

    If you configure this functionality, you can map client certificates to individual users in Active Directory. You can use this functionality to automatically identify a user according to the certificate they supplied when they access the Web site. You can map users to certificates on a one-to-one basis (one certificate identifies one user) or you can map many certificates to one user (a list of certificates is matched against a specific user according to specific rules. The first valid match becomes the mapping).
  12. Click OK.

This TechNet article covers enabling (and requiring) SSL.


Note: If you are seeing hg commands timeout with the error message “An existing connection was forcibly closed by the remote host” you should check your IIS SSL settings for the Fogbugz and Kiln sites to make sure that they are set to Ignore Client Certificates.