  1. JBoss Enterprise Application Platform
  2. JBEAP-23779

WFLYCTL0105: ssl-context is invalid in combination with security-realm


Details

    • Bug
    • Resolution: Not a Bug
    • Blocker
    • None
    • 7.4.6.CR1
    • Security
    • None
    • False
    • None
    • False

    Description

      When trying to configure SSL with the following CLI script:

      embed-server --server-config=standalone-ha.xml
      /subsystem=jgroups/channel=ee:write-attribute(name=stack,value=tcp)
      /subsystem=transactions:write-attribute(name=node-identifier,value=wildfly1)
      /socket-binding-group=standard-sockets/remote-destination-outbound-socket-binding=remote-jdg-server1:add(host=10.0.154.87, port=11222)
      /socket-binding-group=standard-sockets/remote-destination-outbound-socket-binding=remote-jdg-server2:add(host=10.0.153.9, port=11222)
      /subsystem=elytron/key-store=twoWayKS:add(path=jdg.keystore.jks,relative-to=jboss.home.dir,credential-reference={clear-text=123PIPPOBAUDO},type=PKCS12)
      /subsystem=elytron/key-store=twoWayTS:add(path=jdg.truststore.jks,relative-to=jboss.home.dir,credential-reference={clear-text=123PIPPOBAUDO},type=PKCS12)
      /subsystem=elytron/key-manager=twoWayKM:add(key-store=twoWayKS, algorithm="SunX509", credential-reference={clear-text=123PIPPOBAUDO})
      /subsystem=elytron/trust-manager=twoWayTM:add(key-store=twoWayTS, algorithm="SunX509")
      /subsystem=elytron/server-ssl-context=SERVER_SSL_CONTEXT:add(key-manager=twoWayKM, protocols=["TLSv1.2"], trust-manager=twoWayTM, need-client-auth=true)
      /subsystem=undertow/server=default-server/https-listener=https:write-attribute(name=ssl-context, value=SERVER_SSL_CONTEXT)
      /subsystem=elytron/client-ssl-context=CLIENT_SSL_CONTEXT:add(key-manager=twoWayKM, trust-manager=twoWayTM, protocols=["TLSv1.2"])
      batch
      /subsystem=infinispan/remote-cache-container=web-sessions:add(default-remote-cluster=jdg-server-cluster, protocol-version=3.1, statistics-enabled=true, properties={infinispan.client.hotrod.auth_username=admin, infinispan.client.hotrod.auth_password=pass.1234})
      /subsystem=infinispan/remote-cache-container=web-sessions/remote-cluster=jdg-server-cluster:add(socket-bindings=[remote-jdg-server1,remote-jdg-server2])
      run-batch
      /subsystem=infinispan/remote-cache-container=web-sessions/component=security:write-attribute(name=ssl-context,value=CLIENT_SSL_CONTEXT)
      /subsystem=infinispan/cache-container=web/invalidation-cache=offload_ic:add()
      /subsystem=infinispan/cache-container=web/invalidation-cache=offload_ic/store=hotrod:add(remote-cache-container=web-sessions, fetch-state=false, preload=false, passivation=false, purge=false, shared=true)
      /subsystem=infinispan/cache-container=web/invalidation-cache=offload_ic/component=transaction:add(mode=BATCH)
      /subsystem=infinispan/cache-container=web:write-attribute(name=default-cache, value=offload_ic)
      

      we get the following error:

      ...
      /subsystem=undertow/server=default-server/https-listener=https:write-attribute(name=ssl-context,value=SERVER_SSL_CONTEXT)
      {
          "outcome" => "failed",
          "failure-description" => "WFLYCTL0105: ssl-context is invalid in combination with security-realm",
          "rolled-back" => true
      }
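
      Added example, not part of the original report: WFLYCTL0105 is raised because the write would leave the listener with both the legacy security-realm attribute and the Elytron ssl-context attribute set. Assuming the https-listener still carries the security-realm value from the stock standalone-ha.xml (an assumption about this installation), both changes can be applied in one batch so the two attributes are never set together:

```jboss-cli
# Added example; reuses the listener and ssl-context names from the report.
# Show whether the legacy attribute is currently set on the listener.
/subsystem=undertow/server=default-server/https-listener=https:read-attribute(name=security-realm)

# Drop the legacy realm and attach the Elytron context in one atomic batch.
batch
/subsystem=undertow/server=default-server/https-listener=https:undefine-attribute(name=security-realm)
/subsystem=undertow/server=default-server/https-listener=https:write-attribute(name=ssl-context, value=SERVER_SSL_CONTEXT)
run-batch

# Confirm the result: security-realm should be undefined and ssl-context set.
/subsystem=undertow/server=default-server/https-listener=https:read-resource
```

      In the script above, the batch would take the place of the single write-attribute call on the https-listener.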
      

          People

            rhn-support-rmartinc Ricardo Martin Camarero
            tborgato@redhat.com Tommaso Borgato