Showing results for 
Search instead for 
Did you mean: 

Does adding a tomcat-trust cert REQUIRE restart of the Cisco Tomcat application?

Level 1
Level 1

I know that you must restart Cisco Tomcat if you install a new certificate for tomcat, but that seems to be due to the fact that installing a new certificate for tomcat replaces the existing tomcat certificate. And since that certificate is the one which is presented for https connections, it makes sense that a Cisco Tomcat restart would be required for that. Also, that service restart actually happens automatically, from what I've seen.


But what about tomcat-trust? I'm looking to add another CA certificate because my two CUCM clusters are signed by different CAs. So I need to add both CA certs to both CUCM clusters as tomcat-trust, but I want to confirm that adding this certificate will not cause or require a restart of Cisco Tomcat.


It's worth mentioning that this is for the TLS piece of ILS configuration between two clusters.




2 Replies 2

Jaime Valencia
Cisco Employee
Cisco Employee

This is what you get when you upload a certificate to tomcat-trust


Informational Message Success: Certificate Uploaded
Informational Message Restart Cisco Tomcat Service using the CLI "utils service restart Cisco Tomcat".
Informational Message If SAML SSO is enabled, please disable and re-enable it. Also re-provision the SP metadata on the IDP.


if this helps, please rate

Thanks for the reply, Jaime!


This suggests that the service does need to be restarted. I will have to do some testing after-hours to determine if the restart of Cisco Tomcat is automatic in this case or if it must be done manually. 

I plan to conduct testing to discover what happens if you choose not to execute the restart after installing a tomcat-trust cert. Here are the questions I want to answer:


1. Does SSO still function properly?

2. Would the cert "take effect" or would it be ignored until Cisco Tomcat has been restarted?


These are nitty-gritty questions I'd like to be able to answer and I will post my findings once I have conducted some tests.

If anyone has already messed with this, please do feel free to chime in with your findings. It's worth noting I'm running CUCM