Last week I wrote a piece on Oracle HTTP Server 12c security. We have found similar hiccup, now in the BPM domain environment settings. If your freshly backed BPM domain works fine but you can't access BPM applications, check your setDomainEnv.sh properties. By default, it refers to the DemoTrust.jks in the EXTRA_JAVA_PROPERTIES, like the one below.

EXTRA_JAVA_PROPERTIES="-Djavax.net.ssl.trustStore=${WL_HOME}/server/lib/DemoTrust.jks ${EXTRA_JAVA_PROPERTIES} -Dsoa.archives.dir=${SOA_ORACLE_HOME}/soa -Dsoa.oracle.home=${SOA_ORACLE_HOME} -Dsoa.instance.home=${DOMAIN_HOME} -Dtangosol.coherence.log=jdk -Djavax.xml.soap.MessageFactory=oracle.j2ee.ws.saaj.soap.MessageFactoryImpl -Dweblogic.transaction.blocking.commit=true -Dweblogic.transaction.blocking.rollback=true -Doracle.xml.schema/Ignore_Duplicate_Components=true -Doracle.xdkjava.compatibility.version=11.1.1 -Doracle.soa.compatibility.version=11.1.1 -Ddisable-implicit-bean-discovery=true

At first, I have tried to overlap this property with one in the setUserOverride.sh with no much success. So, remove this entry and restart domain.