After configuring the third party certificate, service failed to start with below error in boot.log file:

ERROR [StartUpInterceptor] Failed to decrypt data
java.io.IOException: Keystore was tampered with, or password was incorrect
Caused by: java.security.UnrecoverableKeyException: Password verification failed

Release : 4.3.X

Component : Process Automation

The password configured for keystore and password configured in the parameter "itpam.web.keystore.password" doesn't match.

First, check whether the password is correct or not with keytool as below:

• In PAM server, go to command prompt
• Navigate to ..\jre.xx\bin\ directory
• Run below command:
     keytool -v -list -keystore <full path to copied keystore with filename>
     Example:  C:\Program Files\Java\jre1.8.0_161\bin>keytool -v -list -keystore "C:\CA\PAM\server\c2o\.config\c2okeystore"
• Enter password once it prompts.
• It lists all the information related to keystore if password is correct.

If the above steps are successful, then encrypt the same password and set that to "itpam.web.keystore.password" parameter as below:

• Make sure the java path is embedded in quotes in PasswordEncryption.bat(path: C:\Program Files\CA\PAM\server\c2o\) file
      Example: set JAVA_HOME="C:\Program Files\Java\jdk1.8.0_192"
• In the command prompt, navigate to install_dir/server/c2o/
• Run PasswordEncryption.bat <password used in the above step>
• Ignore the warnings in the output and copy the long encrypted value returned and set it for "itpam.web.keystore.password" parameter in OasisConfig.properties file.
• Start the Orchestrator service.