Thanks Adrian!

After many many unfruitful hours of testing, trying, and chasing error logs, I was beginning to arrive at this same conclusion. Forcing the keystore to the JKS type solved my issues as well!

Synametrics support: I have not been successful in getting a PCKS12 keystore to work. Either by creating the keystore as a default PCKS12 type, or migrating a known good JKS keystore to PCKS12. The following error always occurs:

2021-10-17 10:36:03,994 ERROR http11.Http11Protocol - Failed to initialize end point associated with ProtocolHandler ["http-bio-443"]
java.io.IOException: parseAlgParameters failed: ObjectIdentifier() -- data isn't an object ID (tag = 48)
at sun.security.pkcs12.PKCS12KeyStore.parseAlgParameters(PKCS12KeyStore.java:792)

This is on build 6201, using the Synametrics VM package.

I'm not concerned at this point as the JKS keystore will work fine for my needs, despite being deprecated for security risks. It might be worth a look to see if your devs can reproduce the issue. I'd also suggest an enhancement to validate the new keystore and credentials in the UI when the user changes the cert keystore. This would save dozens of hours of frustrating application restarts.