While implementing our EEM server to use custom/signed certificates (following instructions similar to what's here: Apply own p12 certificate in place of the default CA Embedded Entitlements Manager (EEM) certificate), the EEM Server fails to start when separating the private/public key and using a password protected private key.
Release : ITPAM 4.3, EEM 12.6
This happens is because "PBE algorithms are not allowed in FIPS mode". Based on this you need to make a choice of: