Thanks for the reply, Jaime!
This suggests that the service does need to be restarted. I will have to do some testing after-hours to determine if the restart of Cisco Tomcat is automatic in this case or if it must be done manually.
I plan to conduct testing to discover what happens if you choose not to execute the restart after installing a tomcat-trust cert. Here are the questions I want to answer:
1. Does SSO still function properly?
2. Would the cert "take effect" or would it be ignored until Cisco Tomcat has been restarted?
These are nitty-gritty questions I'd like to be able to answer and I will post my findings once I have conducted some tests.
If anyone has already messed with this, please do feel free to chime in with your findings. It's worth noting I'm running CUCM 220.127.116.1100-11