After rotating CA and leaf certificates using the Tanzu Operations Manager API procedure documented here the TKGI MC is no longer able to manage clusters.

In the TKGi MC on the Clusters tab the error "Failed to retrieve current TKGi Instance clusters. Request timed out" is presented.

The following error is also presented on the Nodes tab in the TKGi MC "Failed to retrieve current TKGI Instance nodes. cannot get BOSH client: Fetching info: Performing request GET 'https://###.##.##.##/info': Performing GET request: Retry: Get "https://###.##.##.##/info": x509: certificate signed by unknown authority (possibly because of "crypto/rsa: verification error" while trying to verify candidate authority certificate "Pivotal")"

TKGI 1.19.2

TKGI MC version 1.19.2

Ops Manager Version 3.0.31+ LTS-T

1. Login to the TKGi MC and navigate to the 'Configuration' tab. 
2. Click 'Generate Configuration', and then click 'Apply Configuration'.
3. When the 'Apply Configuration' is complete verify the Clusters and Nodes are now visible under the corresponding tabs in the TKGi MC.
4. Verify the new certificate is applied by opening an SSH session to the TKGi MC and running the below command:
# cat /storage/data/certs/bosh_ca_cert.crt | openssl x509 -noout -dates