Currently Knox has a few configuration options for overriding the keystore/truststore type and if these are not specified it falls back to hardcoded "JKS". This should fallback instead of the JDK default configured keystore/truststore type. This will cause issues when an administrator wants to control the keystore type globally at the JDK level. This happens when doing FIPS crypto modules.
It would be better to use KeyStore.getDefaultType() instead of hardcoding JKS.