Need help to migrate CertificateRoles to the new Elytron configuration

Any help will be appreciated

Below is my configuration in wildfly 10.1

<security-realm name="SSLRealm">

                <server-identities>

                    <ssl>

                        <keystore path="application.keystore" relative-to="jboss.server.config.dir" keystore-password="password" alias="server" key-password="password" generate-self-signed-certificate-host="localhost"/>

                    </ssl>

                </server-identities>

                <authentication>

                    <truststore path="CA.truststore" relative-to="jboss.server.config.dir" keystore-password="CA123456"/>

                </authentication>

            </security-realm>

<https-listener name="https" socket-binding="https" security-realm="SSLRealm" verify-client="REQUESTED" enable-http2="true"/>

<security-domain name="client-cert-domain">

                    <authentication>

                        <login-module code="CertificateRoles" flag="required">

                            <module-option name="securityDomain" value="client-cert-domain"/>

                            <module-option name="rolesProperties" value="file:${jboss.server.config.dir}/client-certs-users.properties"/>

                            <module-option name="defaultRolesProperties" value="file:${jboss.server.config.dir}/client-certs-users.properties"/>

                        </login-module>

                    </authentication>

                    <jsse truststore-password="123456" truststore-url="${jboss.server.config.dir}/client.truststore" client-auth="true"/>

                </security-domain>