We are on GeoEvent 10.6.1 (no patches) and have been required to move the config-store and directories to a new share. I used the ArcGIS Server admin>system>configstore and directories edit functions to do this. Upon completion the ArcGIS Server Manager opens correctly as a verified site with the correct certificates being shown. However, opening the GeoEvent Manager the browser warns that "Your connection is not secure. The owner of xxx has configured their web site improperly". Prior to the config-store and directories move, the Manager opened correctly. I restarted the server and upon start up the following was in the karaf logs
019-07-31T14:46:00,121 | ERROR | CM Configuration Updater (ManagedService Update: pid=[org.apache.cxf.osgi]) | HttpServiceStarted | 443 - org.ops4j.pax.web.pax-web-runtime - 6.0.3 | Could not start the servlet context for context path 
java.lang.IllegalStateException: no valid keystore
2019-07-31T14:46:01,965 | ERROR | pool-3-thread-1 | HttpClientService | 53 - com.esri.ges.framework.httpclient - 10.6.1 | Failed to read certificate file at xxx-ags.pfx.cer: signed fields invalid
2019-07-31T14:46:01,990 | ERROR | pool-3-thread-1 | HttpClientService | 53 - com.esri.ges.framework.httpclient - 10.6.1 | Failed to read certificate file at xxx-ge.pfx.cer: signed fields invalid
The certificates do exist where the error is pointing to and from what we can tell are all ok.
The arcgis.keystore matches the certificates that are installed on the machine (Windows 2012 under the Personal certificate folder, not the Trusted Root Certification Authorities folder - is this an issue?? not sure why moving the config-store would cause this to be an issue if it worked before)
Am I correct in thinking that because the ArcGIS Server Manager is verified correctly that the arcgis.keystore under Program Files\ArcGIS\Server\framework\etc\certificates\arcgis.keystore is ok. However, GeoEvent is somehow not creating the C:\ProgramData\ESRI\GeoEvent\certs\geoEventSSLCertificate.jks correctly? The answer is probably not important, but how to fix it if it is the issue.
Any ideas on where to go to from here please???