TKGI Management Console reports "Failed to retrieve current TKGI Instance clusters. cannot get TKGI client: cannot login into TKGI: Post https://<IP-ADDRESS>:8443/oauth/token: x509: certificate has expired or is not yet valid"



Article ID: 327473


Products

VMware Tanzu Kubernetes Grid Integrated (TKGi)

Issue/Introduction

This article provides the steps for rotating the TKGI API certificate when using the TKGI Management Console.


Symptoms:

When logged in to the TKGI Management Console and viewing the Clusters tab, you see the following error on the UI:

Failed to retrieve current TKGI Instance clusters. cannot get TKGI client: cannot login into TKGI: Post https://<IP-ADDRESS>:8443/oauth/token: x509: certificate has expired or is not yet valid

Environment

VMware Tanzu Kubernetes Grid Integrated Edition 1.x

Cause

The TKGI API certificate is expired.

Resolution

Perform the following steps to rotate the TKGI API cert in the Management Console:

If this is a custom cert, that cert will need to be regenerated by the customer.
Once regenerated:

  1. Log in to Ops Manager -> TKGI Tile
  2. Go to the TKGI API Tab
  3. Click Change
  4. Paste the custom cert and key into the correct fields
  5. Click Save at the bottom of the page



If this is a self-signed cert generated by Ops Manager:

  1. Log in to Ops Manager -> TKGI Tile
  2. Go to the TKGI API Tab
  3. Copy the TKGI API FQDN; it is needed to regenerate the cert
  4. Click Change
  5. Click Generate RSA Certificate
  6. Paste the TKGI API FQDN into the field
  7. Click Generate
  8. Copy the new CERT into a text file for use in the MC
  9. Copy the new KEY into a text file for use in the MC
  10. Click Save at the bottom of the page



After populating the TKGI Tile -> TKGI API tab in Ops Manager as described above, complete the process in the TKGI Management Console:

  1. Log in to the TKGI MC
  2. Go to TKGI CONFIGURATION Tab
  3. Select the cert box toward the bottom, which will present two boxes to enter the new data in
  4. Paste the CERT into the correct box
  5. Paste the KEY into the correct box
  6. Save the configuration
  7. Apply Changes
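
A pre-flight check for the CERT and KEY text files, plus a check of the certificate served after Apply Changes. This is an added example, not part of the original article or of any VMware tooling. It assumes the `openssl` CLI is installed; the file names and the host name are placeholders.

```shell
# Added example. tkgi-api.crt / tkgi-api.key (the CERT and KEY text files) and
# api.tkgi.example.test (the TKGI API FQDN) are placeholder names.

# Succeeds when the private key in $2 belongs to the certificate in $1.
cert_matches_key() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 2
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 2
    [ "$cert_pub" = "$key_pub" ]
}

# Succeeds when the certificate in $1 does not expire within $2 days (default 0).
# Checks notAfter only; a "not yet valid" certificate needs a look at notBefore.
cert_not_expiring_within() {
    openssl x509 -in "$1" -noout -checkend "$(( ${2:-0} * 86400 ))" >/dev/null 2>&1
}

# Succeeds when the certificate in $1 is valid for host name $2.
cert_covers_fqdn() {
    openssl x509 -in "$1" -noout -checkhost "$2" 2>/dev/null |
        grep -q 'does match certificate'
}

# Runs all three checks on cert $1, key $2, FQDN $3; non-zero if any fails.
preflight() {
    rc=0
    cert_matches_key "$1" "$2" || { echo "FAIL: key does not match cert"; rc=1; }
    cert_not_expiring_within "$1" 30 || { echo "FAIL: cert expired or expires within 30 days"; rc=1; }
    cert_covers_fqdn "$1" "$3" || { echo "FAIL: cert does not cover $3"; rc=1; }
    [ "$rc" -eq 0 ] && echo "OK: cert, key and FQDN are consistent"
    return "$rc"
}

# After Apply Changes: print the validity window of the certificate actually
# served on the TKGI API port (8443, as in the error message).
served_cert_dates() {
    openssl s_client -connect "$1:8443" -servername "$1" </dev/null 2>/dev/null |
        openssl x509 -noout -dates
}

# Usage:
#   preflight tkgi-api.crt tkgi-api.key api.tkgi.example.test
#   served_cert_dates api.tkgi.example.test
```

Run `preflight` before pasting the CERT and KEY into the MC, and `served_cert_dates` once the changes have been applied.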