Upgrading from PCF® 1.5 to 1.6 or installing a new PCF 1.6 environment may fail because of certificate issues, with the following errors:
Install logs -> Error 400007: `router-partition-xxxxxxxxxxxxxxxxxxxx/0' is not running after update
gorouter_ctl.err.log -> panic: crypto/tls: private key does not match public key
When the new feature "Enable TLS on the Router" is enabled in the PCF Ops Manager Installation Dashboard (Elastic Runtime tile, Security Config section), the router component uses the public and private key provided there. If they are not valid, for example when the private key does not match the public key as the panic message above indicates, PCF shows the errors above.
There are two possible resolutions:
1. Uncheck the option for "Enable TLS on the Router" in the Ops Manager. Doing this is considered less secure, but can result in a small performance gain, as there is some overhead for TLS. Please consider this carefully before disabling this option; only you can determine if TLS to the gorouter is needed for your environment.
2. Provide a valid public and private key in the PCF Ops Manager Installation Dashboard, in the Elastic Runtime tile, Security Config section, in the SSL Termination Certificate part, as indicated in the following instructions.
For more details on what public and private key to use, see this documentation.