Service Mesh has been removed in 2.9 and above Ops Man UI, so if you enabled it, and added a certificate and private key for Istio router, that will still remain there.

Because of that, when that cert is close to expire, Ops Man will warn you about that showing that a cert with property_reference ".properties.istio_frontend_tls_keypairs[0].certificate" will expire sin some days.

Before upgrading to Ops Man 2.11, Service Mesh needs to be removed as explained in our docs and as instructed in this KB article. That KB article doesn't explain how to remove the cert hence we created this one.

Product Version: 2.10

1.  Retrieve the staged configuration of the TAS tile with om staged-config --product-name=cf > /tmp/cf-config.yml
2. Open the cf-config.yml file.and search and delete the following lines. 

 .properties.istio_frontend_tls_keypairs:
    value:
    - name: <your-cert-name>

      3. Create an ops file to delete the cert Istio by running:

cat <<EOF > /tmp/delete-istio-router-cert.yml
- type: replace
  path: /product-properties/.properties.istio_frontend_tls_keypairs?
  value:
    value: []
EOF

The empty array [] is the key here, and will delete the cert when product is configured.

      4. Run om cli to remove the cert 

om configure-product -c /tmp/staged-config.yml -o /tmp/delete-istio-router-cert.yml

      5. Apply Changes on TAS Tile.