The setting of user-data-constraint makes sure that the request to a particular resource is always secure, i.e the request will be redirected to https even if you requested on http.
What do you mean by certification. Do you want glassfish to point to a different truststore?
[Message sent by forum member 'nasradu8' (Sudarsan.Sridhar_at_sun.com)]
http://forums.java.net/jive/thread.jspa?messageID=391193