STOMP errors after importing a new SSL certificate in to IBM Resilient

Symptom

 /usr/share/co3/logs/client.log

13:54:37.665 [Camel (camel-1) thread #3 - JmsConsumer[email-service.email-message-dead-letter]] ERROR o.a.c.c.j.DefaultJmsMessageListenerContainer - Could not refresh JMS Connection for destination 'email-service.email-message-dead-letter' - retrying using FixedBackOff{interval=5000, currentAttempts=86, maxAttempts=unlimited}. Cause: Could not connect to broker URL: ssl://127.0.0.1:65000?socket.verifyHostName=false&socket.enabledProtocols=TLSv1%2CTLSv1.1%2CTLSv1.2&socket.enabledCipherSuites=SSL_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384... . 
Reason: javax.net.ssl.SSLHandshakeException: com.ibm.jsse2.util.h: PKIX path validation failed: java.security.cert.CertPathValidatorException: The certificate issued by CN=resilient.ibm.local is not trusted; internal cause is:  java.security.cert.CertPathValidatorException: Signature does not match.

/var/log/resilient-messaging/resilient-messaging.log

13:54:22.605 [ActiveMQ BrokerService[detachedBroker] Task-3] ERROR v=unknown o.a.a.broker.TransportConnector - Could not accept connection from tcp://127.0.0.1:47188 : {}
javax.net.ssl.SSLHandshakeException: Received fatal alert: certificate_unknown

If you have an integration server running Resilient Circuits and use the parameter "cafile" in app.config pointing to the new certificate, you might see the following error

2019-03-27 13:55:32,849 INFO [stomp_component] Connect to Stomp...
2019-03-27 13:55:32,850 INFO [client] Connecting to resilient.domain.com:65001 ...
2019-03-27 13:55:32,982 ERROR [actions_component]  Could not connect to resilient.domain.com:65001 
  [Could not establish connection [[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:618)]]