This forum has migrated to Microsoft Q&A. Visit Microsoft Q&A to post new questions.

Remove From My Forums

Integrating SSL into existing SP 2013 Farm

Question
0

Sign in to vote

In order to enable SSL in our farm, is it mandatory that Office Web Apps Server needs SSL installed? Can Office Web Apps be binded with http while SharePoint site is running with SSL enabled? Also, for enabling APPS, do we need SSL?

V

Monday, March 24, 2014 2:24 AM

Answers

0

Sign in to vote
Yes, you can leave OWA as HTTP-only, however this presents a significant security risk as you're passing a user token that could potentially be intercepted and used to impersonate the user. You also may get mixed-content warnings in IE if mixing SSL (SharePoint) and HTTP (OWA).

Apps should be done over SSL because, again, you're sending NTLM hashes which is extremely insecure.
Trevor Seward
Follow or contact me at...

This post is my own opinion and does not necessarily reflect the opinion or view of Microsoft, its employees, or other MVPs.
- Marked as answer by V284 Monday, March 24, 2014 5:57 PM
Monday, March 24, 2014 5:02 AM