Migrate Java web application from http to Https

I have to “migrate” Java web application from HTTP to HTTPS. Locally, I use Tomcat to develop, but in testing and production environments – WebSphere.

I saw in some other questions the same answer, that we just need to set in web.xml the following parameterization:


If I just use this code, which certificate will the application use?

Do I need to set some certification on the server as well, besides the above code in web.xml?


Editing your web.xml and adding <transport-guarantee>CONFIDENTIAL</transport-guarantee> it’s just enabling/add a security-constraint to your web application. If you want to use HTTPS on your server then you must configure your server before.