18.2. Enable Serialization on the Server

Procedure 18.1. Task

Navigate to the SOA_ROOT directory: cd SOA_ROOT.

Run the keytool command and follow the prompts on screen:

keytool -genkey -alias droolsKey -keyalg RSA -keystore MyDroolsPrivateKeyStore.keystore
Enter keystore password:  
Re-enter new password: 
What is your first and last name?
  [Unknown]:  Test User
What is the name of your organizational unit?
  [Unknown]:  HR
What is the name of your organization?
  [Unknown]:  Test Org
What is the name of your City or Locality?
  [Unknown]:  Brisbane
What is the name of your State or Province?
  [Unknown]:  QLD
What is the two-letter country code for this unit?
  [Unknown]:  AU
Is CN=Test User, OU=HR, O=Test Org, L=Brisbane, ST=QLD, C=AU correct?
  [no]:  yes
Enter key password for droolsKey
     (RETURN if same as keystore password):  
Re-enter new password:

After answering all of the questions, a password-protected file named MyDroolsPrivateKeyStore.keystore is created. This keystore file has a private key called droolsKey with the password "drools". Store this file in a safe location in your environment, which will hereafter be referred to as the keystoredir.

Important

The passwords above are examples only and should not be used in production.

Open the configuration file: vi jboss-as/server/default/deploy/properties-service.xml

Configure the JBoss Enterprise SOA Platform to use the JBoss Rules serialization feature by adding this snippet to properties-service.xml:

<mbean code="org.jboss.varia.property.SystemPropertiesService"  name="jboss:type=Service,name=SystemProperties">
    <attribute name="Properties">
      # Drools Security Serialization specific properties
      drools.serialization.sign=true
      drools.serialization.private.keyStoreURL=file://$keystoredir/MyDroolsPrivateKeyStore.keystore
      drools.serialization.private.keyStorePwd=drools
      drools.serialization.private.keyAlias=droolsKey
      drools.serialization.private.keyPwd=drools
    </attribute>
</mbean>

Set the drools.serialization.sign property to "true":
```
drools.serialization.sign=true
```
- drools.serialization.private.keyStoreURL=<RL> is the URL of the private keystore location.
- In the example above, replace keystoredir and MyDroolsKeyStore.keystore with your keystore directory and the name of the keystore you created with the keytool
- drools.serialization.private.keyStorePwd=<password> is the password to access the private keystore.
- drools.serialization.private.keyAlias=<key> is the key alias (identifier) of the private key.
- drools.serialization.private.keyPwd=<password> is the private key password.
Save the file and exit.

Restart the server instance.

Warning

If the system properties were not configured properly, you will see this error when you try to build a rules package:

An error occurred building the package.

Error
signing object store: Key store with private key not configured. Please
configure it properly before using signed serialization

Report a bug

Where did the comment section go?

Red Hat's documentation publication system recently went through an upgrade to enable speedier, more mobile-friendly content. We decided to re-evaluate our commenting platform to ensure that it meets your expectations and serves as an optimal feedback mechanism. During this redesign, we invite your input on providing feedback on Red Hat documentation via the discussion platform.

Log in to Your Red Hat Account

Red Hat Account

Customer Portal

Select Your Language

Infrastructure and Management

Cloud Computing

Storage

JBoss Development and Management

JBoss Integration and Automation

Mobile

Services

Tools

Red Hat Product Security Center

Security Updates

Resources

Customer Portal Community

Customer Events

Stories

18.2. Enable Serialization on the Server

Where did the comment section go?