In the OpsMan UI, the Certificates tab displays 'No certificates found.' and 'To optimize deployment time please rotate expiring CA certificates prior to any leaf certificates.'
When you run the command below, you also see 'curl (60) SSL certificate problem: self-signed certificate in certificate chain.' and 'curl failed to verify the legitimacy of the server and therefore could not establish a secure connection to it.'
curl "https://OPS-MANAGER-FQDN/api/v0/certificate_authorities" \
-X GET \
-H "Authorization: Bearer $token" \
-kv | jq '.'
When attempting to Apply Changes on the OpsMan tile, you see the error below:
Deploying:
Creating instance 'bosh/0'
Post "https://vcap:<redacted>@x.x.x.x:6868/agent": tls: failed to verify certificate: x509: certificate has expired or is not yet valid: current time 2025-XX-XXTXX:XX:XXZ is after 2025-XX-XXTXX:XX:XXZ
Exit code 1
and the BOSH Director cannot be updated.
Operations Manager
The Operations Manager root and NATS CA certificates have expired.
Follow the steps in KB 298006 to hard rotate the expired Operations Manager root/NATS CA.