The agent cannot start. It looks like it's something related to the certificate. The agent log shows something like the following:
20231003/153515.960 - U02000378 Loading certificates from directory: 'C:\Automic\Automation.Platform\Agents\certificates'.
20231003/153515.991 - U02000377 Certificate loaded from file 'jcp.cer'.
20231003/153515.991 - U02000376 Could not parse certificate 'C:\Automic\Automation.Platform\Agents\certificates\certificate_name_01.example.com.pfx'. Please make sure that the certificate is in PEM format.
20231003/153515.991 - java.security.cert.CertificateParsingException: signed fields invalid
20231003/153515.991 - U02000376 Could not parse certificate 'C:\Automic\Automation.Platform\certificates\certificate_name_01.example.com.pfx'. Please make sure that the certificate is in PEM format.
20231003/153515.991 - java.security.cert.CertificateParsingException: signed fields invalid
Release : 21.0.8
It looks like the agent is trying to load a .pfx file:
20231003/153515.991 - U02000376 Could not parse certificate 'C:\Automic\Automation.Platform\Agents\certificates\certificate_name_01.example.com.pfx'. Please make sure that the certificate is in PEM format.
...
20231003/153515.991 - U02000376 Could not parse certificate 'C:\Automic\Automation.Platform\certificates\certificate_name_01.example.com.pfx'. Please make sure that the certificate is in PEM format.
It looks like the agent is trying to load a .pfx file which is a truststore file instead of a certificate. To resolve this the certification chain should be re-exported from the pkcs12 keystore that the JCP is using.
There are a couple of ways to do this and a security admin should be involved. Please see below on possible ways:
Keystore Explorer (the one that's not bundled with a jre):
Using a browser to export the certificate
Another way to get the certificate is to navigate in a browser to the JCP endpoint and export it from the browser. For instance in chrome:
Other methods
There are also ways to extract certificates from keystores using openssl and command line, but you'll want to talk to security admin for the best way to do that. The certificate does need to be in a .pem format rather than .pfx.
One other things to take note of is that the java used to create the JCP's keystore and export the certificate (in case of keystore explorer or command line) need to be the same version and should be either java version 8 or 11, whichever the JCP is using.