From OpenAM 13.5 onwards we default to using a JCEKS keystore rather than a JKS keystore. Support for JCEKS is needed to allow symmetric keys to be stored. If upgrading from a version of OpenAM earlier than 13.5, OpenAM/AM will continue to use the JKS keystore rather than switching to using the JCEKS keystore.
This was a conscious decision as admins should have moved away from using the default JKS keystore in favour of one they create for themselves.
- Install AM 13.0.x
- Upgrade to AM 6.5.0-M17
- Run the functional test com.forgerock.openam.functionaltest.ui.uss.pages.AnswerSecurityQuestionPageTest
Configure AM to use the JCEKS keystore rather then the JSK keystore.
- Login to the admin console
- Select Configure > Server Defaults
- Select Security
- Select the "Key Store" tab
- Update "Keystore File" to %BASE_DIR%/%SERVER_URI%/keystore.jceks
- Update "Keystore Type" to JCEKS
- Restart AM