TKGI Management Console reports "Failed to retrieve current TKGI Instance clusters. cannot get TKGI client: cannot login into TKGI: Post https://ADDRESS:8443/oauth/token: x509: certificate has expired or is not yet valid"

Article ID: 327473


Products

VMware Tanzu Kubernetes Grid

Issue/Introduction

This article provides the steps for rotating the TKGI API certificate when using the TKGI Management Console.


Symptoms:

When logged in to the TKGI Management Console and viewing the Clusters tab, you see the following error on the UI:

Failed to retrieve current TKGI Instance clusters. cannot get TKGI client: cannot login into TKGI: Post https://ADDRESS:8443/oauth/token: x509: certificate has expired or is not yet valid

 


Environment

VMware Tanzu Kubernetes Grid Integrated Edition 1.x

Cause

The TKGI API certificate has expired.

Resolution

Perform the following steps to rotate the TKGI API cert in the Management Console:

If this is a custom cert, that cert will need to be regenerated by the customer.
Once regenerated:

Log in to Ops Manager and open the TKGI tile

Go to the TKGI API tab

Click Change

Paste the custom cert and key into the correct fields

Click Save at the bottom of the page



If this is a self-signed cert generated by Ops Manager:

Log in to Ops Manager and open the TKGI tile

Go to the TKGI API tab

Copy the TKGI API FQDN; it is needed to regenerate the cert

Click Change

Click Generate RSA Certificate

Paste the TKGI API FQDN into the field

Click Generate

Copy the new CERT into a text file for use in the MC

Copy the new KEY into a text file for use in the MC

Click Save at the bottom of the page



After updating the TKGI API tab of the TKGI tile in Ops Manager as described above, complete the process in the TKGI Management Console:

Log in to the TKGI MC

Go to the TKGI CONFIGURATION tab

Select the cert box toward the bottom, which presents two boxes for entering the new data

Paste the CERT into the correct box

Paste the KEY into the correct box

Save the configuration

Apply Changes
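
A pre-flight check for the CERT and KEY before they are pasted into Ops Manager and the MC, as an added example that is not part of the original article or of VMware's tooling. The error text above matches what Go's crypto/x509 package reports for a certificate outside its validity window, so the check uses that package and also confirms that the key matches the cert and that the cert covers the TKGI API FQDN. The names checkPair and samplePair and the FQDN tkgi-api.example.test are hypothetical, and the sample pair is constructed in-process.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/pem"
	"fmt"
	"math/big"
	"time"
)

// checkPair validates a PEM cert/key pair for fqdn at time now (hypothetical helper).
func checkPair(certPEM, keyPEM []byte, fqdn string, now time.Time) error {
	pair, err := tls.X509KeyPair(certPEM, keyPEM) // fails if the key does not match the cert
	if err != nil {
		return fmt.Errorf("bad PEM or cert/key mismatch: %w", err)
	}
	leaf, err := x509.ParseCertificate(pair.Certificate[0])
	if err != nil {
		return err
	}
	if now.Before(leaf.NotBefore) || now.After(leaf.NotAfter) {
		return fmt.Errorf("outside validity window %s .. %s", leaf.NotBefore, leaf.NotAfter)
	}
	return leaf.VerifyHostname(fqdn) // the SAN must cover the TKGI API FQDN
}

// samplePair builds a constructed self-signed pair (ECDSA for speed; checkPair accepts RSA too).
func samplePair(fqdn string, from, to time.Time) (certPEM, keyPEM []byte) {
	key, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: fqdn},
		DNSNames: []string{fqdn}, NotBefore: from, NotAfter: to}
	der, _ := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	keyDER, _ := x509.MarshalPKCS8PrivateKey(key)
	return pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: der}),
		pem.EncodeToMemory(&pem.Block{Type: "PRIVATE KEY", Bytes: keyDER})
}

func main() {
	now, fqdn := time.Now(), "tkgi-api.example.test" // constructed placeholder FQDN
	good, goodKey := samplePair(fqdn, now.Add(-time.Hour), now.Add(24*time.Hour))
	old, oldKey := samplePair(fqdn, now.Add(-48*time.Hour), now.Add(-24*time.Hour))
	fmt.Println("fresh pair:        ", checkPair(good, goodKey, fqdn, now))
	fmt.Println("expired pair:      ", checkPair(old, oldKey, fqdn, now))
	fmt.Println("fresh cert/old key:", checkPair(good, oldKey, fqdn, now))
}
```

To check real files, read the two text files with os.ReadFile and pass their contents to checkPair together with the TKGI API FQDN.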