This is the process Dixie State University came up with to correct the LMB cert issue with our Banner system.

Instructure (Canvas) new cert

Get the new cert from Instructure

The LMB runs on an old RHEL 4 server. Since certsca file is so old you will want to download the cert on another box.

openssl s_client -showcerts -connect canvas.instructure.com:443 >canvas.txt

Take that file and convert the certs in it to separate files.

i.e. canvas1.txt

-----BEGIN CERTIFICATE-----

MIIFTTCCBDWgAwIBAgIQCRVkoamnOFWm0jQsJoDU9zANBgkqhkiG9w0BAQsFADBN

...

MH9d4LwduJHn/lOoz1MMkX4=

-----END CERTIFICATE-----

canvas2.txt

-----BEGIN CERTIFICATE-----

MIIElDCCA3ygAwIBAgIQAf2j627KdciIQ4tyS8+8kTANBgkqhkiG9w0BAQsFADBh

...

j6tJLp07kzQoH3jOlOrHvdPJbRzeXDLz

-----END CERTIFICATE-----

Copy the canvas#.txt files to the LMB server.

Load the new certs into LMB java keystore.

If you don’t know where the java keystore is located you can run the following command to find where it may be.

 find / \( -name proc -prune \) -o -name "cacerts" -print

Ours is located at:

/usr/jdk/instances/jdk1.5.0_10/jre/lib/security/

load the file. Run this command from the above directory.

../../bin/keytool -keystore ./cacerts -import -alias canvas#2017 -file canvas#.txt

The alias just needs to be unique so I named it canvas file number and year.

Default password is "changeit" without the " marks.

Restart the Message broker.

The LMB should be able to send messages now.

.

Have a nice day.