To reproduce the issue:
1. Perform a backUpAll on a DS instance
2. Set up a new DS instance and restore all backends
3. Start the new DS instance. It fails with the following errors:
[12/Jun/2019:13:52:27 +0800] category=CONFIG severity=ERROR msgID=116 msg=An error occurred while trying to initialize a backend loaded from class org.opends.server.backends.TrustStoreBackend with the information in configuration entry ds-cfg-backend-id=ads-truststore,cn=Backends,cn=config: InitializationException: Error while trying to add certificate ads-certificate to the trust store file db/ads-truststore/ads-truststore: KeyStoreException(java.io.IOException: Keystore was tampered with, or password was incorrect) (TrustStoreBackend.java:880 TrustStoreBackend.java:165 BackendConfigManager.java:854 BackendConfigManager.java:837 BackendConfigManager.java:247 BackendConfigManager.java:224 BackendConfigManager.java:215 BackendConfigManager.java:156 DirectoryServer.java:1477 DirectoryServer.java:1323 DirectoryServer.java:4037). This backend will be disabled
[12/Jun/2019:13:52:27 +0800] category=CORE severity=NOTICE msgID=139 msg=The Directory Server has sent an alert notification generated by class org.opends.server.core.DirectoryServer (alert type org.opends.server.DirectoryServerShutdown, alert ID org.opends.messages.core-141): The Directory Server has started the shutdown process. The shutdown was initiated by an instance of class org.opends.server.core.DirectoryServer and the reason provided for the shutdown was An error occurred while attempting to bootstrap the Directory Server: CryptoManager failed to add entry "ds-cfg-key-id=ads-certificate,cn=ads-truststore" to initiate instance key generation
The workaround is to copy over opendj/db/ads-truststore/ads-truststore.pin from the old instance.
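A post-restore preflight for the workaround above, as an added example that is not part of the original report or of the DS code base: it compares the two pin files before the new instance is started and, if they differ, copies the old pin over while keeping the one it replaces. The function names, the `.pre-restore` backup suffix and the assumption that both instance roots are reachable as local directories are choices of this example, not anything defined by DS.

```shell
#!/bin/sh
# Post-restore preflight for the ads-truststore pin (added example).
# Assumptions: both instance roots are local directories laid out as in the
# report (db/ads-truststore/...), and the new instance is stopped.
PIN_REL="db/ads-truststore/ads-truststore.pin"
STORE_REL="db/ads-truststore/ads-truststore"

# pin_status OLD_ROOT NEW_ROOT
# Prints one of: match, mismatch, missing-old, missing-new, no-truststore.
pin_status() {
    ps_old="$1/$PIN_REL"
    ps_new="$2/$PIN_REL"
    if [ ! -f "$2/$STORE_REL" ]; then echo "no-truststore"
    elif [ ! -f "$ps_old" ]; then echo "missing-old"
    elif [ ! -f "$ps_new" ]; then echo "missing-new"
    elif cmp -s "$ps_old" "$ps_new"; then echo "match"
    else echo "mismatch"
    fi
}

# apply_pin_workaround OLD_ROOT NEW_ROOT
# Copies the old pin into the new instance, keeping the pin it replaces as
# ads-truststore.pin.pre-restore. Returns 0 only if the pins match afterwards.
apply_pin_workaround() {
    ap_old="$1/$PIN_REL"
    ap_new="$2/$PIN_REL"
    case "$(pin_status "$1" "$2")" in
        match) return 0 ;;
        mismatch) cp -p "$ap_new" "$ap_new.pre-restore" || return 1 ;;
        missing-new) ;;
        *) echo "cannot apply workaround" >&2; return 1 ;;
    esac
    # The pin is the keystore password: create it owner-only, never wider.
    ( umask 077 && cp "$ap_old" "$ap_new" ) || return 1
    chmod 600 "$ap_new" || return 1
    [ "$(pin_status "$1" "$2")" = "match" ]
}

# Stand-alone use (report only): sh pin-preflight.sh OLD_ROOT NEW_ROOT
if [ "$#" -eq 2 ]; then
    echo "ads-truststore pin: $(pin_status "$1" "$2")"
fi
```

A `mismatch` result before the first start of the restored instance is the condition that the workaround addresses; `match` means the pin file is not the cause of a startup failure.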