Migrate Java web application from http to Https

I have to “migrate” Java web application from HTTP to HTTPS. Locally, I use Tomcat to develop, but in testing and production environments – WebSphere.

I saw in some other questions the same answer, that we just need to set in web.xml the following parameterization:

<security-constraint>
    <web-resource-collection>
        <web-resource-name>AuthServer</web-resource-name>
        <url-pattern>/Server</url-pattern>
    </web-resource-collection>
    <user-data-constraint>
        <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
</security-constraint>

If I just use this code, which certificate will the application use?

Do I need to set some certification on the server as well, besides the above code in web.xml?

Answer

Editing your web.xml and adding <transport-guarantee>CONFIDENTIAL</transport-guarantee> it’s just enabling/add a security-constraint to your web application. If you want to use HTTPS on your server then you must configure your server before.