Setting up an Office Online Server farm with HTTPS without SSL offloading

If you are reading this post, you are probably already familiar with the Microsoft article describing how to deploy an Office Online farm. It provides instructions on how to set up a single-server farm on either HTTP or HTTPS, and also how to deploy a multi-server, load-balanced Office Online Server farm that uses HTTPS. All nice, but that guide assumes you will install a certificate on the load balancer in order to offload the SSL processing from your web servers.

What if you do not want to offload the SSL processing from your servers? In my case I always have to request a certificate per server. Even though my farm will be load balanced and will run under its own DNS name, I still need to request, from the department managing the certificates, a certificate for each server with a subject alternative name for my Office Online farm. As a result I end up with two certificates, one for each of my farm servers.

This is where the problem starts. You create the Office Online farm on, let's say, node 1, and when you try to add the second node to the farm you get a message that the certificate is missing from the certificate store. Of course it is missing: each server has its own certificate, and my website FQDN is only specified in the alternate access mapping.

The trick here is to change the friendly name of the certificate on each server so that it is the same on all of them. When you add the second node to your Office Online farm, the certificate will be found and used as it is on the second node, meaning that on node 1 the communication is encrypted with certificate 1 and on node 2 the traffic is encrypted with certificate 2. Since the certificate is only used to encrypt the data between the client and the server, and is not used for other internal tasks in the Office Online Server farm, there is no issue with encrypting data with two different certificates depending on the node you are connected to.
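The friendly-name change can be scripted with a few sanity checks before the farm is created or joined. The following is an added example, not taken from the Microsoft article or from the original post; the farm FQDN, the friendly name and the node name are placeholders, and the script assumes each node's certificate is already installed in the local machine's Personal store.

```powershell
# Run elevated on EACH farm node. All values below are placeholders (assumptions).
$FarmFqdn     = 'oos.contoso.example'   # load-balanced farm DNS name (placeholder)
$FriendlyName = 'OOS-Farm-Cert'         # friendly name shared by all nodes (placeholder)

# Find this node's certificate: it must cover the farm FQDN (DnsNameList holds the
# subject CN and the SAN DNS entries), have a private key, and be currently valid.
$now = Get-Date
$candidates = @(Get-ChildItem Cert:\LocalMachine\My | Where-Object {
    $_.HasPrivateKey -and $_.NotBefore -le $now -and $_.NotAfter -gt $now -and
    ($_.DnsNameList.Unicode -contains $FarmFqdn)
})
if ($candidates.Count -ne 1) {
    throw "Expected exactly one usable certificate for $FarmFqdn, found $($candidates.Count)."
}
$cert = $candidates[0]

# Stop if another certificate already carries the friendly name, so the lookup
# by name cannot resolve to an unintended (for example expired) certificate.
$clash = @(Get-ChildItem Cert:\LocalMachine\My | Where-Object {
    $_.FriendlyName -eq $FriendlyName -and $_.Thumbprint -ne $cert.Thumbprint
})
if ($clash.Count -gt 0) {
    throw "Friendly name '$FriendlyName' is already used by $($clash[0].Thumbprint)."
}

# Setting the property on an object from the Cert: provider writes it to the store.
$cert.FriendlyName = $FriendlyName
"{0}: {1} -> '{2}'" -f $env:COMPUTERNAME, $cert.Thumbprint, $cert.FriendlyName

# Node 1 only: create the farm, referencing the certificate by its friendly name.
# New-OfficeWebAppsFarm -InternalURL "https://$FarmFqdn" -CertificateName $FriendlyName

# Node 2 only: join the farm ('node1.contoso.example' is a placeholder).
# New-OfficeWebAppsMachine -MachineToJoin 'node1.contoso.example'
```

The printed thumbprints will differ per node, which is expected in this setup; record them so that a renewal on one node can be matched to the right certificate later.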


