Integrating SSL into existing SP 2013 Farm RRS feed

  • Question

  • In order to enable SSL in our farm, is it mandatory that Office Web Apps Server needs SSL installed? Can Office Web Apps be binded with http while SharePoint site is running with SSL enabled? Also, for enabling APPS, do we need SSL? 


    Monday, March 24, 2014 2:24 AM


  • Yes, you can leave OWA as HTTP-only, however this presents a significant security risk as you're passing a user token that could potentially be intercepted and used to impersonate the user. You also may get mixed-content warnings in IE if mixing SSL (SharePoint) and HTTP (OWA).

    Apps should be done over SSL because, again, you're sending NTLM hashes which is extremely insecure.

    Trevor Seward

    Follow or contact me at...

    This post is my own opinion and does not necessarily reflect the opinion or view of Microsoft, its employees, or other MVPs.

    • Marked as answer by V284 Monday, March 24, 2014 5:57 PM
    Monday, March 24, 2014 5:02 AM