To provide the steps for rotating the TKGI API certificate when using the TKGI Management Console

When logged in to the TKGI Management Console and viewing the Clusters tab, you see the following error on the UI:

Failed to retrieve current TKGI Instance clusters. cannot get TKGI client: cannot login into TKGI: Post https://ADDRESS:8443/oauth/token: x509: certificate has expired or is not yet valid

Perform the following steps to rotate the TKGI API cert in the Management Console:

If this is a custom cert, that cert will need to be regenerated by the customer.
Once regenerated:

Login to Opsmanager -> TKGI Tile

Go to the TKGI API Tab

Click Change

Paste the custom cert and key into the correct fields

Click Save at the bottom of the page

If this is a self-signed cert by the Opsmanager:

Login to Opsmanager -> TKGI Tile

Go to the TKGI API Tab

Copy the TKGI API FQDN for use to regenerate the cert

Click Change

Click Generate RSA Certificate

Paste the TKGI API FQDN into the field

Click Generate

Copy new CERT and put into a text file for use in the MC

Copy new KEY and put into a text file for use in the MC

Click Save at the bottom of the page



After populating the TKGI Tile -> TKGI API tab in Opsmanager above, complete the process in TKGI Management Console:
 

Login to the TKGI MC

Go to TKGI CONFIGURATION Tab

Select the cert box toward the bottom, which will present two boxes to enter the new data in

Paste the CERT into the correct box

Paste the KEY into the correct box

Save the configuration

Apply Changes