The -cert command line argument to agent.jar is documented to take a file path if it starts with @.

 -cert VAL                       : Specify additional X.509 encoded PEM
                                   certificates to trust when connecting to
                                   Jenkins root URLs. If starting with @ then
                                   the remainder is assumed to be the name of
                                   the certificate file to read.
 

This clashes with the args4j feature not disabled for remoting (and in fact documented by core in the launch suggestions for the -secret argument), and the differing behavior between what args4j does (split by line) and how remoting would handle it (full file contents) means this doesn't work.