SSL Certificate Requirements
Eko AD Sync relies on Secure Sockets Layer (SSL) certificates to ensure that communication between components — especially the Eko Active Directory Connector (EkoADC) and the Eko — is encrypted via HTTPS. The requirements for certificates vary based on whether the standard Eko certificate is used or if the customer opts for their own.
1. Standard Eko SSL Certificate
In the majority of client deployments, Amity Solutions uses the Eko SSL certificate for the client's EkoADC.
Expiration: These certificates are designed to last for 10 years, meaning they do not require frequent renewal
2. Customer-Provided SSL Certificates
Some clients may require their own SSL certificates in the EkoADC.
Expiration: Unlike the standard Eko certificates, customer-provided certificates typically expire yearly, requiring routine renewal.
3. Customer Responsibilities for Renewal
If the customer chooses to use their own certificates, they are responsible for providing the necessary files and preparing the environment for renewal:
Certificate Generation: The customer must generate the new certificate files.
File Placement: The client must place the required files (.crt and .key) on the EkoADC server.
Scheduling: The customer must then schedule a meeting with the Eko operations team (EkoTier2 or DevOps) to remote into the server and install the new certificate
3.1 Eko Operations Renewal Process Overview
The Eko team handles the technical steps for installing the customer-provided certificate on the EkoADC server. This includes:
File Preparation: Creating a new folder inside
/appand placing the client's certificate files there.Conversion to PEM: Converting the provided key/certificate files into the required .pem format.
Configuration Update: Updating the
docker-compose.yamlfile to use the new certificate path.
Last updated