OM certificate rotation is not compatible with TKGI


Article ID: 298668


Updated On:

Products

VMware Tanzu Kubernetes Grid Integrated Edition

Issue/Introduction

OM is a tool that helps you configure and deploy tiles to Ops Manager. OM has a set of commands to retrieve and rotate certificates, such as regenerate-certificates, expiring-certificates, etc.


The OM certificate rotation tool is not compatible with TKGI (formerly PKS); it was designed not to work with TKGI. The long-term plan is to use the TKGI CLI to rotate k8s cluster certificates so that rotation is seamless and easy. The TKGI CLI can be used by any k8s administrator, while the OM CLI is only used by a BOSH admin.


Please use the TKGI certificate rotation tools, such as credhub-maestro or the TKGI CLI (specific use cases).
 



Environment

Product Version: 1.9

Resolution

If the command to regenerate certificates is run in an environment with a deployed TKGI tile, as shown below:
om --env "${env_file}" regenerate-certificates

A warning message will be shown, stating that this procedure is not compatible with TKGI:
"warnings":["This version of pivotal-container-service is not compatible with certificate rotation. Certificates in CredHub will not be rotated. Only the certificates managed by Ops Manager will be rotated."]}


However, certificates stored in Ops Manager, meaning certificates that have the location "ops_manager", will still be rotated as expected. Certificates specific to TKGI clusters will not be rotated. Please follow the steps in the document below to rotate the cluster certificates:
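To see which certificates an om run left untouched before following that procedure, the warning and the location split can be checked in a script. This is an added example, not part of the original article or of the om tooling: it reads the "warnings" array from a regenerate-certificates response and a certificate listing, and reports the certificates that were not rotated and expire soon. The sample JSON is constructed, and every field name and value other than "warnings" and the "ops_manager" location is an assumption.

```python
import json
from datetime import datetime, timedelta, timezone

# Constructed sample: same shape as the response tail quoted in this article.
REGEN_RESPONSE = json.dumps({"warnings": [
    "This version of pivotal-container-service is not compatible with "
    "certificate rotation. Certificates in CredHub will not be rotated. "
    "Only the certificates managed by Ops Manager will be rotated."]})

# Constructed sample listing; field names other than "location" are assumed.
CERT_LISTING = json.dumps({"certificates": [
    {"location": "ops_manager", "product_guid": "p-bosh-EXAMPLE",
     "name": "director_ssl", "valid_until": "2030-06-01T00:00:00Z"},
    {"location": "credhub", "product_guid": "pivotal-container-service-EXAMPLE",
     "name": "/example/pks_tls", "valid_until": "2025-02-10T00:00:00Z"},
    {"location": "credhub", "product_guid": "pivotal-container-service-EXAMPLE",
     "name": "/example/kube_ca", "valid_until": "2027-01-01T00:00:00Z"},
    {"product_guid": "unknown-EXAMPLE", "name": "no_location",
     "valid_until": "2025-01-20T00:00:00Z"},
]})

def rotation_warnings(response_text):
    """Return warnings saying a tile was skipped by certificate rotation."""
    warnings = json.loads(response_text).get("warnings") or []
    return [w for w in warnings if "not compatible with certificate rotation" in w]

def split_by_coverage(listing_text):
    """Split certificates into (rotated by om, left untouched)."""
    certs = json.loads(listing_text).get("certificates", [])
    rotated = [c for c in certs if c.get("location") == "ops_manager"]
    # Anything else, including entries with no location, counts as not rotated.
    skipped = [c for c in certs if c.get("location") != "ops_manager"]
    return rotated, skipped

def skipped_expiring(listing_text, now, days=30):
    """Untouched certificates expiring within `days` (or expired), soonest first."""
    _, skipped = split_by_coverage(listing_text)
    cutoff = now + timedelta(days=days)
    def expiry(c):
        return datetime.fromisoformat(c["valid_until"].replace("Z", "+00:00"))
    return sorted((c for c in skipped if expiry(c) <= cutoff), key=expiry)

if __name__ == "__main__":
    now = datetime(2025, 1, 15, tzinfo=timezone.utc)  # fixed date for the sample
    for w in rotation_warnings(REGEN_RESPONSE):
        print("WARNING:", w)
    for c in skipped_expiring(CERT_LISTING, now):
        print("not rotated, expiring:", c["name"], c["valid_until"])
```

Entries without a location are counted as not rotated so that an unexpected listing format errs toward flagging a certificate rather than hiding it.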