Deploying Office Web Apps for On Premise

The main thing to success with this is getting the cert correct.

If you have two servers in your farm and one load balancer, name the load balancer and make sure you have that name in your cert.

Complete steps 15 – 18 below. (you can request the cert before the server is behind the load balancer, or after, doesn’t matter)


  • At least two servers running Server 2012 R2 (note: you could do it with less if you wanted too, but why?)
  • Office Web Apps w/ SP1 download
  • Account that is a local admin on the servers
  • One server behind load balancer before starting
  • Load balancer has cert installed

High level Procedure:

  1. Create certificate with all of the subject alternative names, and install on all servers in farm (e.g. if two servers dc101p1owa, dc102p1owa, and one load balancer OWAFARM) then step 15 -18 will account for this.  Step 15 will  be of type common name so that you can take the server name of the server on step 16 which will have servername, then 17 and 18 will have server name plus the other two names, dc102p1owa and owafarm, in this example.
  2. install pre-requisites
  3. restart server, if needed
  4. install Office web apps on all servers
  5. create farm
  6. test connectivity
  7. join second server to farm

 More Granular explanation (some taken from technet and other references, see list below)

Create certificate with all subject alternative names, and install on all servers in farm


  1. Log on to the server as a member of the local Administrators group.
  2. Click Start.
  3. In the Search programs and files box, type mmc.exe, and press ENTER.
  4. On the File menu, click Add/Remove Snap-in.
  5. In the list of available snap-ins, click Certificates, and then click Add.
  6. Click Computer account, and click Next.
  7. Click Local computer, and click Finish.
  8. Click OK.
  9. In the console tree, double-click Certificates (Local Computer), and then double-click Personal.
  10. Right-click Personal, point to All Tasks, and then click Request New Certificate to start the Certificate Enrollment wizard.
  11. Click Next.
  12. Click Next.
  13. Select the Web Server template. Click the warning icon below More information is required to enroll for this certificate. Click here to configure these settings.
  14. Note the warning icon on the Subject tab. This tells you what type of information is required.

Because SSL/TLS does not require a Subject name when a SAN extension is included, the Subject name can be empty. If you are using another protocol, verify the certificate requirements. To use an empty Subject name, skip steps 15 and 16.

  1. In the Subject name area under Type, click Common Name.
  2. In the Subject name area under Value, enter the fully qualified domain name of the server (or wildcard asterisk.domain [*.somedomain.local], and then click Add. (of the server your on, use the fqdn)
  3. In the Alternative name area under Type, click DNS.
  4. In the Alternative name area under Value, enter the fully qualified domain name of the server, and then click Add.
  5. Repeat steps 17 and 18 above for each additional SAN that you require. Click OK when finished. (if you have a load balancer, you’ll want that load balanced name here, along with the names of your OWA servers.FQDN)

If you are requesting a certificate for a computer other than your client computer, the private key must be exportable. To specify that the private key is exportable, click the Private Key tab, click the Key Options arrow, and click Make private key exportable. The CA must also be configured to support exportable private keys.

  1. Click Enroll.
  2. After enrollment succeeds, click Finish.
  3. Open MMC
  4. go to File > Add-remove snap-in > add certificates > click Ok

Navigate to the Personal certificate store and export the certificate



Make sure to include the private key and all extended properties when you export it

Create a password and then export it,

Copy it to your other servers, double click on the file to import it, and make sure to make private key exportable, when importing.


Install pre-requisites


Install the following software:


.NET Framework 4.5.2

Open the Windows PowerShell prompt as an administrator and run this command to install the required roles and services.

Add-WindowsFeature Web-Server,Web-Mgmt-Tools,Web-Mgmt-Console,Web-WebServer,Web-Common-Http,Web-Default-Doc,Web-Static-Content,Web-Performance,Web-Stat-Compression,Web-Dyn-Compression,Web-Security,Web-Filtering,Web-Windows-Auth,Web-App-Dev,Web-Net-Ext45,Web-Asp-Net45,Web-ISAPI-Ext,Web-ISAPI-Filter,Web-Includes,InkandHandwritingServices,NET-Framework-Features,NET-Framework-Core,NET-HTTP-Activation,NET-Non-HTTP-Activ,NET-WCF-HTTP-Activation45


restart server, if needed

Install Office web apps on all servers (and install language packs – optional)

Download Office Web Apps Server from the Volume Licensing Service Center (VLSC). To download Office Web Apps Server you must have a license, under a Volume Licensing agreement, for Office Professional Plus 2013, Office Standard 2013, or Office for Mac 2011. The download is located under those Office products on the VLSC portal.

After OOS or OWA is installed on all server, create the farm.

Create farm

New-OfficeWebAppsFarm -InternalUrl "" -ExternalUrl "" -CertificateName " –EditingEnabled



New-OfficeWebAppsFarm -InternalUrl "" -ExternalUrl "" –CertificateName "OWAFARM"  -EditingEnabled


Test connectivity


Join second server to farm

New-OfficeWebAppsMachine -MachineToJoin ""


New-OfficeWebAppsMachine -MachineToJoin ""



Test connectivity



Connect to Sharepoint

New-SPWOPIBinding -ServerName < WacServerName>


New-SPWOPIBinding -ServerName






Deploy office web apps farm –

Mastering Office Web Apps 2013 deployment and operations –

Content roadmap for Office Web Apps Server

How to Request a Certificate With a Custom Subject Alternative Name –

Configure Office Web Apps for SharePoint 2013 –