Office Web Apps Server – Configuring Certificates

Good morning, brothers (live from Buenos Aires today, even with the public transit strike over here :) )

In today's post we are going to continue our journey configuring Office Web Apps Server for integration with Lync and Exchange Server 2013. In the last post we installed the server and its language packs; you can check it out here:

A few key points about digital certificates and Office Web Apps:

  • If using an internal CA, download the certificate in Base-64 format
  • If using an internal CA, use the advanced option to request the certificate and select Web Server as the certificate template
  • If you want to request a certificate with several names (different names for internal and external), you can use Certificates (Computer Store) in MMC (this also applies to Windows Server 2012)
  • The SAN name of the certificate cannot be a wildcard (*)
  • The certificate must be exportable and the same on all load-balanced servers (if you are terminating SSL on each one of the hosts)
  • Office Web Apps supports hardware load balancers, and you can offload SSL from the servers to those devices. If that is your case, you need to plan to move the certificate to the hardware load balancer
  • The certificate must be valid and issued by an internal CA or a public CA; if you are deploying at large scale, a public CA may be a good option

All Office Web Apps Server configuration is done through PowerShell; however, before going there we need to have a certificate in place. There are a couple of ways to do that; let's start with a simple one, using IIS for a single name, as follows:

First, open IIS Manager, expand the server name, and on the right side click Server Certificates. Then click Create Certificate Request… located on the right side in the Actions toolbox.

In the new page (figure below), fill out all the information and enter the name that will be used by this Office Web Apps Server in the Common name field.


In the Cryptographic Service Provider Properties page, change the bit length to 2048 and then click Next.


In the File name page, choose a location for the request file. We are going to use that file with our local CA or public CA (depending on your design).


Time to move the request to your CA and get the certificate ready for our next step.

Deploying the certificate

Time to go back to IIS and complete the request by clicking Complete Certificate Request. In the new page, select the certificate that we got from our Certification Authority and assign a Friendly name to it (we are going to use the same name during the Office Web Apps Server configuration). Click OK.


Now we should be able to see the certificate on the list as shown in the figure below.


In tomorrow's (perhaps tonight's :) ) post we are going to configure the server, and then we will be ready to integrate with Lync and Office 2013 products.

One last thing for our series is to configure DNS using the same name that we defined in the certificate for the server; that name will be used in our integration down the road.
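
To check the installed certificate against the key points listed at the top of this post, here is an added PowerShell example (not part of the original post). The friendly name and host name in the last line are placeholders, and the exportable check assumes the private key is stored in a CSP, as it is for a request created in IIS Manager.

```powershell
# Added example: checks a certificate in the computer store against the key points above.
function Test-OwaCertificate {
    param(
        [Parameter(Mandatory)] [string] $FriendlyName,  # name assigned in IIS
        [Parameter(Mandatory)] [string] $HostName       # name published in DNS
    )

    $cert = Get-ChildItem Cert:\LocalMachine\My |
        Where-Object { $_.FriendlyName -eq $FriendlyName }
    if (-not $cert) { throw "No certificate named '$FriendlyName' in LocalMachine\My." }
    if (@($cert).Count -gt 1) { throw "Friendly name '$FriendlyName' is not unique." }

    # Subject Alternative Name extension (OID 2.5.29.17), formatted one entry per line.
    $sanExt  = $cert.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.17' }
    $sanText = if ($sanExt) { $sanExt.Format($true) } else { '' }

    # Common name, for certificates requested with a single name and no SAN.
    $cn = $cert.GetNameInfo('SimpleName', $false)

    # Whole-name match only, so 'owa.example.com' does not match 'xowa.example.com'.
    $namePattern = '(?m)(^|=)' + [regex]::Escape($HostName) + '\s*$'

    # CspKeyContainerInfo is only populated for CSP-backed keys (assumption, see lead-in).
    $exportable = $false
    if ($cert.HasPrivateKey -and $cert.PrivateKey.CspKeyContainerInfo) {
        $exportable = $cert.PrivateKey.CspKeyContainerInfo.Exportable
    }

    $now = Get-Date
    [pscustomobject]@{
        Thumbprint     = $cert.Thumbprint       # compare across load-balanced servers
        HasPrivateKey  = $cert.HasPrivateKey
        Exportable     = $exportable
        KeySizeOk      = $cert.PublicKey.Key.KeySize -ge 2048
        NoWildcardSan  = $sanText -notmatch '\*'
        NameMatches    = "$cn`n$sanText" -match $namePattern
        WithinValidity = ($now -ge $cert.NotBefore) -and ($now -le $cert.NotAfter)
        ChainTrusted   = $cert.Verify()         # default chain policy, may need CRL access
    }
}

# Placeholder values: replace with your own friendly name and DNS name.
Test-OwaCertificate -FriendlyName 'OfficeWebApps' -HostName 'owa.example.com'
```

Run it from an elevated PowerShell session on each server; every Boolean should be True, and the thumbprint should be identical on all servers that terminate SSL themselves.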

Written by Anderson Patricio

Anderson Patricio is a Canadian Exchange Server MVP and MCSM (Solutions Master) and he contributes to the Microsoft Community with articles, tutorials, blog posts, forums and book reviews. He is a regular contributor at, and (Portuguese).