Overview
If your Ziti Router running in Docker is experiencing issues, it may be due to expired certificates or time synchronization problems. This article outlines how to verify the certificate status and ensure proper configuration in your Docker environment.
Prerequisites
- Access to the server/container running the Ziti Router
- openssl installed (commonly available in most Linux containers)
- Access to your docker-compose.yml file
Step-by-Step Troubleshooting
1. Check System Time Synchronization
Certificates are sensitive to time differences. Ensure the system time is accurate and synchronized with a reliable time source.
On Linux, you can check the current time using:
bash
CopyEdit
dateIf the time is not in sync, consider using ntp or chrony for automatic time updates.
2. Verify Certificate Expiry
To check if the certificate is valid and not expired, run the following command inside the container or on the host where the file is accessible:
bash
CopyEdit
sudo openssl x509 -noout -text -in ziti_router/certs/cert.pem | grep "Not After"Example Output:
yaml
CopyEdit
Not After : Feb 27 20:20:08 2026 GMTIf the date shown is in the past, the certificate has expired and must be renewed.
3. Validate Docker Volume Mapping
Ensure your Docker container has access to the certificate path by checking the volume mappings in your docker-compose.yml.
Example Configuration:
yaml
CopyEdit
volumes:
- ./ziti_router:/etc/netfoundryThis line maps the local ./ziti_router directory to /etc/netfoundry in the container, allowing access to certificates and config files.