There is a published issue with JBoss EAP 7 and OpenJDK related to how the JCEKS keystore loads its keys in OpenJDK
The workaround is to configure the system to allow access to com.sun.crypto.provider
In this scenario, the required workaround was already in the Jboss configuration domain.conf file:
However, as part of the APM configuration, we also require to add reference to our packages and provide the suggestion of the JVM argument. This takes into consideration org.jboss.byteman, but not the extra property:
This JVM configuration overrides the setting in domain.conf, so the com.sun.crypto.provider access is not provided, hence causing the problem.