Does adding a tomcat-trust cert REQUIRE restart of the Cisco Tomcat application?

xeran
Beginner

I know that you must restart Cisco Tomcat if you install a new certificate for tomcat, but that seems to be due to the fact that installing a new certificate for tomcat replaces the existing tomcat certificate. And since that certificate is the one which is presented for https connections, it makes sense that a Cisco Tomcat restart would be required for that. Also, that service restart actually happens automatically, from what I've seen.

 

But what about tomcat-trust? I'm looking to add another CA certificate because my two CUCM clusters are signed by different CAs. So I need to add both CA certs to both CUCM clusters as tomcat-trust, but I want to confirm that adding this certificate will not cause or require a restart of Cisco Tomcat.

 

It's worth mentioning that this is for the TLS piece of ILS configuration between two clusters.

 

Thanks!

xeran

2 Replies

Jaime Valencia
Hall of Fame Cisco Employee

This is what you get when you upload a certificate to tomcat-trust:

 

Informational Message Success: Certificate Uploaded
Informational Message Restart Cisco Tomcat Service using the CLI "utils service restart Cisco Tomcat".
Informational Message If SAML SSO is enabled, please disable and re-enable it. Also re-provision the SP metadata on the IDP.
HTH

java

if this helps, please rate

Thanks for the reply, Jaime!

 

This suggests that the service does need to be restarted. I will have to do some testing after-hours to determine if the restart of Cisco Tomcat is automatic in this case or if it must be done manually. 

I plan to conduct testing to discover what happens if you choose not to execute the restart after installing a tomcat-trust cert. Here are the questions I want to answer:

 

1. Does SSO still function properly?

2. Would the cert "take effect" or would it be ignored until Cisco Tomcat has been restarted?

 

These are nitty-gritty questions I'd like to be able to answer and I will post my findings once I have conducted some tests.

If anyone has already messed with this, please do feel free to chime in with your findings. It's worth noting I'm running CUCM 11.5.1.14900-11.
