While setting up PAM to use a third-party certificate, startup may fail.
server.log may show:
2024-07-12 14:28:55,056 ERROR [org.jboss.msc.service.fail] (MSC service thread 1-5) MSC000001: Failed to start service org.wildfly.core.management.security.realm.ApplicationRealm.key-manager: org.jboss.msc.service.StartException in service org.wildfly.core.management.security.realm.ApplicationRealm.key-manager: WFLYDM0018: Unable to start service
...
Caused by: java.security.UnrecoverableKeyException: Get Key failed: Error finalising cipher data: pad block corrupted
Release: 4.4
CA Process Automation Base
The cause is that the keystore referenced in OasisConfig.properties is a PKCS12 (.p12) keystore, even though its file name ends in .jks. PAM requires a JKS keystore. The file extension does not determine the type: since Java 9, keytool creates PKCS12 keystores by default, so a keystore generated without -storetype JKS is PKCS12 no matter what it is named.
OasisConfig.properties will show:
itpam.custom.web.keystorepath=C:/Program Files/CA/PAM/wildfly/standalone/.config/customcert.jks
Run the keytool command against that file:
keytool -list -v -keystore "C:\Program Files\CA\PAM\wildfly\standalone\.config\customcert.jks"
The first few lines of the output will show (the Keystore type line is the one of concern):
Keystore type: PKCS12
Keystore provider: SUN
Your keystore contains 1 entry
Alias name: XXXX
Creation date: Mar 8, XXXX
Entry type: PrivateKeyEntry
Certificate chain length: 3
A valid keystore will show:
Keystore type: JKS
Keystore provider: SUN
Your keystore contains 1 entry
Alias name: XXXX
Creation date: Mar 8, XXXX
Entry type: PrivateKeyEntry
Certificate chain length: 3
To address this, use keytool to convert the PKCS12 keystore into a JKS keystore. keytool will print a warning that JKS is a proprietary format and recommend migrating to PKCS12; that warning is expected here and can be ignored, because PAM requires JKS:
keytool -importkeystore -srckeystore <source_keystoreFile> -srcstoretype PKCS12 -destkeystore <destination_keystoreFile> -deststoretype JKS -srcstorepass <password> -deststorepass <password> -srcalias <alias> -destalias <alias> -srckeypass <password> -destkeypass <password> -noprompt
Run the keytool -list command above against <destination_keystoreFile> to verify that it reports "Keystore type: JKS", then set itpam.custom.web.keystorepath in OasisConfig.properties to that file and start PAM again.
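The check below is an added example and is not part of this article or of the PAM product. It identifies a keystore's real format from its first bytes rather than its file extension (a JKS file begins with the magic bytes FEEDFEED, a PKCS12 file is DER and begins with 0x30), and only then runs the keytool conversion from the article, refusing to convert a file that is already JKS and verifying the output. It assumes a POSIX shell (for example on a Linux PAM host or Git Bash on Windows) with keytool on the PATH; the file names, alias and password are placeholders.

```shell
#!/bin/sh
# Added example, not part of the KB article: check a keystore's real format before
# trusting its file extension, and convert PKCS12 -> JKS only when needed.
# Assumes a POSIX shell with dd/od/tr and, for the conversion step, keytool on PATH.
# File names, alias and password are placeholders.

# Print JKS, JCEKS, PKCS12 or UNKNOWN for the file given as $1, based on its first bytes:
# JKS begins with the magic 0xFEEDFEED, JCEKS with 0xCECECECE, and a PKCS12 file is
# DER-encoded and so begins with a SEQUENCE tag (0x30).
keystore_type() {
    magic=$(dd if="$1" bs=4 count=1 2>/dev/null | od -An -tx1 | tr -d ' \t\n')
    case "$magic" in
        feedfeed) echo JKS ;;
        cececece) echo JCEKS ;;
        30*)      echo PKCS12 ;;
        *)        echo UNKNOWN ;;
    esac
}

# Convert a PKCS12 keystore to JKS with keytool and verify the result.
# Usage: convert_to_jks <source.p12> <destination.jks> <alias> <password>
# Returns 1 if the source is not PKCS12 (nothing to convert), if keytool fails,
# or if the output file does not come back as JKS.
convert_to_jks() {
    src=$1 dest=$2 alias=$3 pass=$4
    src_type=$(keystore_type "$src")
    if [ "$src_type" != PKCS12 ]; then
        echo "convert_to_jks: $src is $src_type, not PKCS12; nothing to convert" >&2
        return 1
    fi
    # The same password is used for store and key, matching the article's command.
    # keytool warns that JKS is a proprietary format; that is expected, PAM needs JKS.
    keytool -importkeystore \
        -srckeystore "$src" -srcstoretype PKCS12 \
        -destkeystore "$dest" -deststoretype JKS \
        -srcstorepass "$pass" -deststorepass "$pass" \
        -srcalias "$alias" -destalias "$alias" \
        -srckeypass "$pass" -destkeypass "$pass" -noprompt || return 1
    # Two independent checks on the result: the on-disk magic and keytool's own report.
    [ "$(keystore_type "$dest")" = JKS ] || return 1
    keytool -list -keystore "$dest" -storepass "$pass" | grep -qi 'Keystore type: JKS'
}

# Example run (placeholders): sh check_keystore.sh customcert.jks <alias> <password>
# Reports the type of the configured keystore and converts it if it is really PKCS12.
if [ -n "$1" ]; then
    echo "$1: $(keystore_type "$1")"
    if [ "$(keystore_type "$1")" = PKCS12 ]; then
        convert_to_jks "$1" "${1%.*}-converted.jks" "$2" "$3"
    fi
fi
```

Checking the magic bytes is useful because it works without a password and without Java, so it can be run against customcert.jks before PAM is started; the keytool -list check afterwards confirms that the JVM agrees with what is on disk.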