Skip to main content
commvault.com commvault.com
Question

Planning to rebuild 3 web servers which are tiered

  • September 15, 2025
  • 1 reply
  • 24 views
M
Byte
Forum|alt.badge.img+5

Planning to rebuild 3 web servers which are tiered.  The Metrics reporting is setup to use Tiered Metrics reporting.  Creating a CA-Signed Certificate for the Tomcat Server

 

Is there any way I can avoid re-doing the creation of certs etc. Possibly saving a copy of critical files for tiered metrics reporting and copying it to the newly refresh Metrics reporting/web server

 

Any advice is appreciated

    1 reply

    D
    Vaulter
    Forum|alt.badge.img+8

    Hi ​@mach123 ,

    You do not need to re-create the CA-signed certificates if you back up and restore the keystore and configuration files.
    If hostnames/IPs remain unchanged, and you restore the files correctly, your tiered metrics reporting and SSL configuration will continue to work without re-issuing certificates.

    You may follow the below steps:

    Key Files to Back Up and Restore :

    1. Keystore File
       - The keystore file (e.g., `mykeystore.jks` or `.pfx`) contains your CA-signed certificate and private key.
       - Location: Typically found in the Tomcat configuration directory (e.g., `CV_installation_path\Apache\conf`).

    2. Server.xml Configuration File  
       - This file contains the SSL connector configuration and references the keystore file, password, and type.
       - Location: `CV_installation_path\Apache\conf\server.xml`

    3. CA Root Certificates (if used for client verification)
       - If you imported CA root certificates for client verification, back up the truststore or certificate files.

    Steps to Preserve and Restore Certificates :

    1. Before Rebuild:
       - Back up the keystore file(s) containing your CA-signed certificate and private key.
       - Back up the `server.xml` file.
       - If you used the Commvault Certificate Tool to import CA root certificates, back up the truststore or related files.

    2. After Rebuild:
       - Restore the keystore file(s) to the same location on the new server.
       - Restore the `server.xml` file, ensuring the paths and passwords match the restored keystore.
       - If applicable, re-import the CA root certificates using the Commvault Certificate Tool, or restore the truststore files.

    3. Restart the Tomcat service to apply the restored certificate configuration.

    4. Access the web server via HTTPS and verify the certificate is correctly applied. Check the Command Center or Web Console for secure access and proper metrics reporting.
    5. Ensure that All Metrics Reporting Servers in the tiered architecture must be on the same version and feature release.
    6. If you change hostnames or IP addresses, you may need to update the Subject Alternative Name (SAN) in the certificate or obtain a new certificate. If you use client certificate verification, ensure the CA root certificate is imported on the new server.

    Regards,
    Dheeraj

    P
    Terms & ConditionsCookie settingsAccessibility statement