Hi All,

We have OWA 2013 with SharePoint 2013. A Trusted certificate is deployed at Load Balancer for OWA (SP_OWA_CERT) and DNS has been setup as owa.company.com. The Office Web Apps URL is https://owa.company.com for LB side.

Q: Does Office Web Apps 2013 server (SPOWA13) also requires same certificate (SP_OWA_CERT) trusted certificate for users that communicate with load balancer? Users requests a document and LB has OWA Certificate. The SharePoint WFE has document and communicates with OWA server using WOPI protocol. The document then is returned via LB to user.



Is above diagram fine?

User >> LB Certificate (SP_OWA_CERT) >> WFE server (Self Sign Certificate) >> OWA Cert (SP_OWA_CERT)

Any help would be greatly appreciated?            

If load balancer has certificate with name of all OWA servers as SAN, that should be enough if SSL is being offloaded at F5. But there is an article stating that offloading SSL af F5 is not a secure practice.

Thank you XMantra for your reply. 

1. We have only 1 OWA. 
2. Its not a SAN certificate. But its created trusted Certificate Authority and self self sign cert for OWA. All the users have this cert using group policy.
   Q: Can we use this kind of Cert for internal use? Is third party cert is absolutely required? 
   
3. Q: Can we use this certificate on OWA server instead of deploying on Load Balancer.  The reason being we cant use the same cert on LB and OWA server.  Or can we directly deploy on LB and there wont be any Cert on OWA server?
   

Please help.

Thanks in advance, 

Hi Sandy,

Yes you can. AS long as the certificate is trusted and not throwing any error at the user's browser, then it should work fine. Make sure you use the External and Internal URL when you do your WOPI binding from your SP Farm.

Mike

Hi All,

We have VIP for Office web apps server at load balancer and DNS is configured as owa.company.com.

 The trusted Certificate Authority Cert (SP-OWA.cer) has be assigned for OWA server.
We have exported the SP-OWA.cer  on the Office Web Apps server.
We following query is SUCCESSFULLY executed:

New-OfficeWebAppsFarm -InternalUrl "https:// owa.company.com" -ExternalUrl
"https:// owa.company.com" -CertificateName "SPOWA" EditingEnable

and we are able to following bindings

The discovery is to browse as well on OWA server but we received certificate error as shown:



We then moved the one of the front server and were browse and also we received certificate error



We tried to pair OWA to SharePoint 2013 and got this error. Warning: The Server did not respond. Trying again (attempt 1 to 5)



Q: What configuration that we has missed that gives certificate error?
Q: Warning: The Server did not respond. Trying again (attempt 1 to 5) is a common error when certificate is not installed. We have exported to the OWA cert on WFE server but still giving error. how could we solve this?  

Any help would be greatly appreciated.  

Hi Sandy,

Like I mentioned above, the certificate cannot generate any error or the SP farm will not connect to it. Either add the OWA certificate to the SP Farm server where you are running the PS from, or you will need to get a trusted certificate.

Mike

Hi Mike, 

Thanks for the your input. The Certificate is created by our network team and we just used exported it in our OWA farm that showed the Certificate error. 

Is the Certificate issue? or something else?