-
Bug
-
Resolution: Done
-
Major
-
7.4.9.GA
-
False
-
-
False
-
-
-
-
-
-
?
-
-
-
This error results when running enable-elytron-se17.cli if a user is using an older EAP 7.x configuration (or perhaps removed applicationSSC).
We should make sure applicationSSC is defined since the enable-elytron-se17.cli depends on it, this might mean modifying the .cli to check (add if needed) or perhaps it should be the jboss-server-migration.sh should add the applicationSSC when migrating.
jboss-eap-7.4 $ ./bin/jboss-cli.sh --file=./docs/examples/enable-elytron-se17.cli
INFO: Updating configuration to use elytron
INFO: Adding http-authentication-factory=application-http-authentication to Elytron
{"outcome" => "success"}
INFO: Adding application-security-domain=other to Undertow
{"outcome" => "success"}
INFO: Configuring the Undertow https listener
The batch failed with the following error (you are remaining in the batch editing mode to have a chance to correct the error):
WFLYCTL0062: Composite operation failed and was rolled back. Steps that failed:
Step: step-2
Operation: /subsystem=undertow/server=default-server/https-listener=https:write-attribute(name=ssl-context, value=applicationSSC)
Failure: WFLYCTL0369: Required capabilities are not available:
org.wildfly.security.ssl-context.applicationSSC; Possible registration points for this capability:
/subsystem=elytron/server-ssl-context=*
/subsystem=elytron/client-ssl-context=*
/subsystem=elytron/server-ssl-sni-context=*
These are the missing commands needed to resolve the error:
/subsystem=elytron/key-store=applicationKS:add(credential-reference={clear-text=password},path=application.keystore,relative-to=jboss.server.config.dir,type=JKS)
/subsystem=elytron/key-manager=applicationKM:add(key-store=applicationKS, generate-self-signed-certificate-host=localhost, credential-reference={clear-text=password})
/subsystem=elytron/server-ssl-context=applicationSSC:add(key-manager=applicationKM)
- links to
