Showing results for 
Search instead for 
Did you mean: 

Does adding a tomcat-trust cert REQUIRE restart of the Cisco Tomcat application?


I know that you must restart Cisco Tomcat if you install a new certificate for tomcat, but that seems to be due to the fact that installing a new certificate for tomcat replaces the existing tomcat certificate. And since that certificate is the one which is presented for https connections, it makes sense that a Cisco Tomcat restart would be required for that. Also, that service restart actually happens automatically, from what I've seen.


But what about tomcat-trust? I'm looking to add another CA certificate because my two CUCM clusters are signed by different CAs. So I need to add both CA certs to both CUCM clusters as tomcat-trust, but I want to confirm that adding this certificate will not cause or require a restart of Cisco Tomcat.


It's worth mentioning that this is for the TLS piece of ILS configuration between two clusters.




2 Replies 2

Jaime Valencia
Hall of Fame Cisco Employee Hall of Fame Cisco Employee
Hall of Fame Cisco Employee

This is what you get when you upload a certificate to tomcat-trust


Informational Message Success: Certificate Uploaded
Informational Message Restart Cisco Tomcat Service using the CLI "utils service restart Cisco Tomcat".
Informational Message If SAML SSO is enabled, please disable and re-enable it. Also re-provision the SP metadata on the IDP.


if this helps, please rate

Thanks for the reply, Jaime!


This suggests that the service does need to be restarted. I will have to do some testing after-hours to determine if the restart of Cisco Tomcat is automatic in this case or if it must be done manually. 

I plan to conduct testing to discover what happens if you choose not to execute the restart after installing a tomcat-trust cert. Here are the questions I want to answer:


1. Does SSO still function properly?

2. Would the cert "take effect" or would it be ignored until Cisco Tomcat has been restarted?


These are nitty-gritty questions I'd like to be able to answer and I will post my findings once I have conducted some tests.

If anyone has already messed with this, please do feel free to chime in with your findings. It's worth noting I'm running CUCM

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Recognize Your Peers