I have to “migrate” Java web application from HTTP to HTTPS. Locally, I use Tomcat to develop, but in testing and production environments – WebSphere.
I saw in some other questions the same answer, that we just need to set in
web.xml the following parameterization:
<security-constraint> <web-resource-collection> <web-resource-name>AuthServer</web-resource-name> <url-pattern>/Server</url-pattern> </web-resource-collection> <user-data-constraint> <transport-guarantee>CONFIDENTIAL</transport-guarantee> </user-data-constraint> </security-constraint>
If I just use this code, which certificate will the application use?
Do I need to set some certification on the server as well, besides the above code in
web.xml and adding
<transport-guarantee>CONFIDENTIAL</transport-guarantee> it’s just enabling/add a security-constraint to your web application. If you want to use HTTPS on your server then you must configure your server before.