Adding TAS certificate for GoRouter fails with "Certificate is invalid"

Article ID: 378959

Updated On:

Products

VMware Tanzu Application Service

Issue/Introduction

When attempting to add a certificate on the TAS -> Networking -> Certificates and private keys for the Gorouter page, the operation fails with:

Record X: Certificate is invalid

where X is the number of the certificate.

Environment

Ops Manager/TAS 

Resolution

This error is most commonly triggered when attempting to add an ECDSA-generated certificate. Ops Manager does not support ECDSA certs, only RSA.

https://docs.vmware.com/en/VMware-Tanzu-Operations-Manager/3.0/vmware-tanzu-ops-manager/security-pcf-infrastructure-custom-ca-cert.html

You will need to instead provide an RSA certificate.


If you are unsure whether your certificate is RSA or ECDSA generated, you can run this openssl command against the cert:

openssl x509 -in server.crt -text -noout

An RSA cert will look like this:


Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)

While ECDSA will look like:


Public Key Algorithm: id-ecPublicKey
EC Public Key: (256 bit)
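
The same check can be scripted before upload. The following is an added example, not code from this article or from VMware: it reads the algorithm OID in the certificate's SubjectPublicKeyInfo, which is the field openssl prints as "Public Key Algorithm", and ignores the signature algorithm. The helpers `_tlv` and `sample_pem` are hypothetical and only build a constructed test input.

```python
import base64, re

# DER contents of the standard key-algorithm OIDs (RFC 3279 / RFC 5480)
RSA_OID = bytes.fromhex("2a864886f70d010101")  # rsaEncryption, 1.2.840.113549.1.1.1
EC_OID = bytes.fromhex("2a8648ce3d0201")       # id-ecPublicKey, 1.2.840.10045.2.1

def read_tlv(buf, pos):
    """Return (tag, value_start, value_end) of the DER element starting at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                    # long form: low 7 bits count the length bytes
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated DER")
    return tag, pos, pos + length

def cert_key_algorithm(pem):
    """Classify the public key of the first PEM certificate: 'RSA', 'ECDSA' or 'other'."""
    m = re.search(r"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", pem, re.S)
    if not m:
        raise ValueError("no PEM certificate found")
    der = base64.b64decode("".join(m.group(1).split()))
    _, pos, _ = read_tlv(der, 0)         # Certificate SEQUENCE
    _, pos, _ = read_tlv(der, pos)       # tbsCertificate SEQUENCE
    tag, _, end = read_tlv(der, pos)
    if tag == 0xA0:                      # optional [0] version field
        pos = end
    for _ in range(5):                   # skip serial, signature alg, issuer, validity, subject
        _, _, pos = read_tlv(der, pos)
    _, pos, _ = read_tlv(der, pos)       # subjectPublicKeyInfo SEQUENCE
    _, pos, _ = read_tlv(der, pos)       # AlgorithmIdentifier SEQUENCE
    tag, start, end = read_tlv(der, pos) # algorithm OID
    if tag != 0x06:
        raise ValueError("expected an OID in SubjectPublicKeyInfo")
    return {RSA_OID: "RSA", EC_OID: "ECDSA"}.get(der[start:end], "other")

def _tlv(tag, body=b""):
    # Hypothetical helper for the constructed sample; short-form lengths only (< 128 bytes)
    return bytes([tag, len(body)]) + body

def sample_pem(key_oid):
    """Constructed skeleton with a certificate's field layout (not a valid certificate)."""
    sig_alg = _tlv(0x30, _tlv(0x06, bytes.fromhex("2a864886f70d01010b")))  # sha256WithRSAEncryption
    spki = _tlv(0x30, _tlv(0x30, _tlv(0x06, key_oid)) + _tlv(0x03, b"\x00"))
    tbs = _tlv(0x30, _tlv(0xA0, _tlv(0x02, b"\x02")) + _tlv(0x02, b"\x01") + sig_alg
               + _tlv(0x30) + _tlv(0x30) + _tlv(0x30) + spki)
    der = _tlv(0x30, tbs + sig_alg + _tlv(0x03, b"\x00"))
    return ("-----BEGIN CERTIFICATE-----\n" + base64.b64encode(der).decode()
            + "\n-----END CERTIFICATE-----\n")
```

Calling `cert_key_algorithm(open("server.crt").read())` on a real certificate returns "RSA" for a cert that can be added and "ECDSA" for one that triggers the error above, even when the ECDSA cert was signed by an RSA CA.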