I solved my issue.
Hidden in the manual, right at the very bottom, after the section which you are reading, it reminds you to make sure that your 's1as' certificate has the same password as the keystore.
https://docs.appdynamics.com/display/PRO42/Controller+SSL+and+Certificates
Changing the master password with asadmin changes the password for the keystore and for the s1as key. It does not change the password of any additional keys you have added to the keystore, however. If you have added keys to the keystore, you need to change their password to match the new master password. Use the keytool to change their passwords as follows:
keytool -keypasswd -alias myserver -keystore keystore.jks -storepass <new master password>