JCP cannot start after upgrade to 12.2.5+ / 12.3.3+ "DerInputStream.getLength"



Article ID: 203758


Products

CA Automic Workload Automation - Automation Engine

Issue/Introduction

Since version 12.2.5+ or 12.3.3+, the JCP process stops after starting when it is configured with an SSL keystore in JKS format.

The errors in JCP log are:

U00045014 Exception 'java.io.IOException: "DerInputStream.getLength(): lengthTag=109, too big."' at 'sun.security.util.DerInputStream.getLength():599'.
U00003620 Routine 'com.automic.rest.RestComponent' forces trace because of error.

 

Environment

Release : 12.2 / 12.3

Component : AUTOMATION ENGINE

Subcomponent: JCP with sslEnabled=1

Cause

A correction added in 12.2.5+ / 12.3.3+ required a Jetty upgrade, and that upgrade introduced this new prerequisite (a JKS keystore is no longer accepted).

12.2.4 and lower:
Jetty: jetty-9.4.8.v20171121

12.2.5 and higher:
Jetty: jetty-9.4.14.v20181114

Resolution

This is a bug up to version 12.3.4.

Workaround :

Since 12.2.5+ and 12.3.4, Jetty can only run with a PKCS12 (.p12) keystore, no longer with a JKS keystore as before.

If a JKS keystore is currently in use, it must be converted to PKCS12 format, for example with the following keytool command:

keytool -importkeystore -srckeystore [MY_KEYSTORE.jks] -destkeystore [MY_FILE.p12] -srcstoretype JKS -deststoretype PKCS12 -deststorepass [PASSWORD_PKCS12]

https://knowledge.digicert.com/solution/SO17201.html

Then modify the ini file to use that .p12 and JCP will start correctly.
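
The lengthTag=109 in the log is what the JDK's DER parser reports when it is handed a JKS file: a JKS keystore begins with the bytes FE ED FE ED, and the second byte 0xED read as a DER length octet gives 0xED & 0x7F = 109. The following check is an added example, not part of the original article or of the product; the function names are hypothetical. It classifies a keystore file by its leading bytes so the format can be confirmed before and after the conversion:

```shell
#!/bin/sh
# Added example (not from the article): identify a keystore's on-disk format
# from its leading bytes before configuring JCP to use it.
# Function names are hypothetical.

# Classify by magic bytes: JKS = FEEDFEED, JCEKS = CECECECE.
# 0x30 is a DER SEQUENCE, the outer tag of a PKCS12 file; this is a
# heuristic, so confirm with: keytool -list -storetype PKCS12 -keystore FILE
keystore_type() {
    [ -r "$1" ] || return 2
    magic=$(od -An -tx1 -N4 "$1" | tr -d ' \n')
    case "$magic" in
        feedfeed) echo JKS ;;
        cececece) echo JCEKS ;;
        30*)      echo PKCS12 ;;
        *)        echo unknown ;;
    esac
}

# Reproduce the "lengthTag" the JDK DER parser reports for this file: byte 1
# is read as the length octet; with the high bit set, its low 7 bits are the
# number of length bytes that follow, and more than 4 is rejected as too big.
der_length_tag() {
    [ -r "$1" ] || return 2
    b1=$(od -An -tu1 -j1 -N1 "$1" | tr -d ' \n')
    [ -n "$b1" ] || return 2
    if [ "$b1" -lt 128 ]; then
        echo short-form
    else
        echo $((b1 - 128))
    fi
}

# Usage: sh keystore_check.sh FILE...
for f in "$@"; do
    printf '%s: type=%s lengthTag=%s\n' "$f" "$(keystore_type "$f")" "$(der_length_tag "$f")"
done
```

A file reported as JKS with lengthTag=109 matches the error in the JCP log; after conversion the .p12 file should be reported as PKCS12.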

Solution:

This bug is corrected as of version 12.3.5 of AWI: the JCP must be able to accept a keystore in either JKS or PKCS 12 format (see Additional Information for more details about the correction that was introduced).

 

Additional Information

Technical Resolution: 

A problem has been fixed where the REST API server process failed to start with the configuration sslEnabled=1 and a keystore in JKS format.
The REST API stopped with the log message: java.io.IOException: "DerInputStream.getLength(): lengthTag=109, too big."