Description
When trying to configure SSL with the following cli script:
embed-server --server-config=standalone-ha.xml /subsystem=jgroups/channel=ee:write-attribute(name=stack,value=tcp) /subsystem=transactions:write-attribute(name=node-identifier,value=wildfly1) /socket-binding-group=standard-sockets/remote-destination-outbound-socket-binding=remote-jdg-server1:add(host=10.0.154.87, port=11222) /socket-binding-group=standard-sockets/remote-destination-outbound-socket-binding=remote-jdg-server2:add(host=10.0.153.9, port=11222) /subsystem=elytron/key-store=twoWayKS:add(path=jdg.keystore.jks,relative-to=jboss.home.dir,credential-reference={clear-text=123PIPPOBAUDO},type=PKCS12) /subsystem=elytron/key-store=twoWayTS:add(path=jdg.truststore.jks,relative-to=jboss.home.dir,credential-reference={clear-text=123PIPPOBAUDO},type=PKCS12) /subsystem=elytron/key-manager=twoWayKM:add(key-store=twoWayKS, algorithm="SunX509", credential-reference={clear-text=123PIPPOBAUDO}) /subsystem=elytron/trust-manager=twoWayTM:add(key-store=twoWayTS, algorithm="SunX509") /subsystem=elytron/server-ssl-context=SERVER_SSL_CONTEXT:add(key-manager=twoWayKM, protocols=["TLSv1.2"], trust-manager=twoWayTM, need-client-auth=true) /subsystem=undertow/server=default-server/https-listener=https:write-attribute(name=ssl-context, value=SERVER_SSL_CONTEXT) /subsystem=elytron/client-ssl-context=CLIENT_SSL_CONTEXT:add(key-manager=twoWayKM, trust-manager=twoWayTM, protocols=["TLSv1.2"]) batch /subsystem=infinispan/remote-cache-container=web-sessions:add(default-remote-cluster=jdg-server-cluster, protocol-version=3.1, statistics-enabled=true, properties={infinispan.client.hotrod.auth_username=admin, infinispan.client.hotrod.auth_password=pass.1234}) /subsystem=infinispan/remote-cache-container=web-sessions/remote-cluster=jdg-server-cluster:add(socket-bindings=[remote-jdg-server1,remote-jdg-server2]) run-batch /subsystem=infinispan/remote-cache-container=web-sessions/component=security:write-attribute(name=ssl-context,value=CLIENT_SSL_CONTEXT) /subsystem=infinispan/cache-container=web/invalidation-cache=offload_ic:add() /subsystem=infinispan/cache-container=web/invalidation-cache=offload_ic/store=hotrod:add(remote-cache-container=web-sessions, fetch-state=false, preload=false, passivation=false, purge=false, shared=true) /subsystem=infinispan/cache-container=web/invalidation-cache=offload_ic/component=transaction:add(mode=BATCH) /subsystem=infinispan/cache-container=web:write-attribute(name=default-cache, value=offload_ic)
we get the following error:
... /subsystem=undertow/server=default-server/https-listener=https:write-attribute(name=ssl-context,value=SERVER_SSL_CONTEXT) { "outcome" => "failed", "failure-description" => "WFLYCTL0105: ssl-context is invalid in combination with security-realm", "rolled-back" => true }