Skip to main content
Redhat Developers  Logo
  • Products

    Featured

    • Red Hat Enterprise Linux
      Red Hat Enterprise Linux Icon
    • Red Hat OpenShift AI
      Red Hat OpenShift AI
    • Red Hat Enterprise Linux AI
      Linux icon inside of a brain
    • Image mode for Red Hat Enterprise Linux
      RHEL image mode
    • Red Hat OpenShift
      Openshift icon
    • Red Hat Ansible Automation Platform
      Ansible icon
    • Red Hat Developer Hub
      Developer Hub
    • View All Red Hat Products
    • Linux

      • Red Hat Enterprise Linux
      • Image mode for Red Hat Enterprise Linux
      • Red Hat Universal Base Images (UBI)
    • Java runtimes & frameworks

      • JBoss Enterprise Application Platform
      • Red Hat build of OpenJDK
    • Kubernetes

      • Red Hat OpenShift
      • Microsoft Azure Red Hat OpenShift
      • Red Hat OpenShift Virtualization
      • Red Hat OpenShift Lightspeed
    • Integration & App Connectivity

      • Red Hat Build of Apache Camel
      • Red Hat Service Interconnect
      • Red Hat Connectivity Link
    • AI/ML

      • Red Hat OpenShift AI
      • Red Hat Enterprise Linux AI
    • Automation

      • Red Hat Ansible Automation Platform
      • Red Hat Ansible Lightspeed
    • Developer tools

      • Red Hat Trusted Software Supply Chain
      • Podman Desktop
      • Red Hat OpenShift Dev Spaces
    • Developer Sandbox

      Developer Sandbox
      Try Red Hat products and technologies without setup or configuration fees for 30 days with this shared Openshift and Kubernetes cluster.
    • Try at no cost
  • Technologies

    Featured

    • AI/ML
      AI/ML Icon
    • Linux
      Linux Icon
    • Kubernetes
      Cloud icon
    • Automation
      Automation Icon showing arrows moving in a circle around a gear
    • View All Technologies
    • Programming Languages & Frameworks

      • Java
      • Python
      • JavaScript
    • System Design & Architecture

      • Red Hat architecture and design patterns
      • Microservices
      • Event-Driven Architecture
      • Databases
    • Developer Productivity

      • Developer productivity
      • Developer Tools
      • GitOps
    • Secure Development & Architectures

      • Security
      • Secure coding
    • Platform Engineering

      • DevOps
      • DevSecOps
      • Ansible automation for applications and services
    • Automated Data Processing

      • AI/ML
      • Data Science
      • Apache Kafka on Kubernetes
      • View All Technologies
    • Start exploring in the Developer Sandbox for free

      sandbox graphic
      Try Red Hat's products and technologies without setup or configuration.
    • Try at no cost
  • Learn

    Featured

    • Kubernetes & Cloud Native
      Openshift icon
    • Linux
      Rhel icon
    • Automation
      Ansible cloud icon
    • Java
      Java icon
    • AI/ML
      AI/ML Icon
    • View All Learning Resources

    E-Books

    • GitOps Cookbook
    • Podman in Action
    • Kubernetes Operators
    • The Path to GitOps
    • View All E-books

    Cheat Sheets

    • Linux Commands
    • Bash Commands
    • Git
    • systemd Commands
    • View All Cheat Sheets

    Documentation

    • API Catalog
    • Product Documentation
    • Legacy Documentation
    • Red Hat Learning

      Learning image
      Boost your technical skills to expert-level with the help of interactive lessons offered by various Red Hat Learning programs.
    • Explore Red Hat Learning
  • Developer Sandbox

    Developer Sandbox

    • Access Red Hat’s products and technologies without setup or configuration, and start developing quicker than ever before with our new, no-cost sandbox environments.
    • Explore Developer Sandbox

    Featured Developer Sandbox activities

    • Get started with your Developer Sandbox
    • OpenShift virtualization and application modernization using the Developer Sandbox
    • Explore all Developer Sandbox activities

    Ready to start developing apps?

    • Try at no cost
  • Blog
  • Events
  • Videos

Secure communication with Red Hat Decision Manager

December 2, 2021
Pramod Padmanabhan
Related topics:
DevSecOpsLinuxSecurity
Related products:
Red Hat Enterprise LinuxRed Hat JBoss Enterprise Application PlatformRed Hat OpenShift

Share:

    Securing communications over networked services is an essential administrative task. This article shows you how to install and configure an SSL certificate to enable HTTPS-secured communication with Red Hat Decision Manager 7.11 on-premises. To minimize the requirements for our example, we will use a self-signed certificate. You can use the same steps with a certificate signed by a certificate authority (CA).

    What is Red Hat Decision Manager?

    Before we install and configure Red Hat Decision Manager, let's take a minute to review what it's used for.

    Red Hat Decision Manager is a scalable, open source business rules management system that includes business resource optimization and complex event processing (CEP) technology. Decision Manager helps organizations capture business logic and develop applications that automate business decisions. To achieve these goals, it includes tools for both business experts and developers, as shown in Figure 1.

    Components of Red Hat Decision Manager support rule-based business decisions.
    Figure 1. Components of Red Hat Decision Manager support rule-based business decisions.

    Decision Manager 7 is a subset of Red Hat Process Automation Manager and is fully compatible with Red Hat OpenShift for deployment in hybrid cloud environments.

    Red Hat Decision Manager's two major components are:

    • Business Central: Contains components for authoring and management, such as the authoring and repository components. The authoring component helps both application developers and business experts create and manage rules. The repository component is based on Git and is used mainly to store and version business assets.
    • Decision Server: The runtime server that hosts business rules. The compiled version from the Business Central component is usually deployed to the Decision Server.

    You can host Red Hat Decision Manager on the following platforms:

    • Red Hat JBoss Enterprise Application Platform (JBoss EAP)
    • Red Hat JBoss Web Server
    • Red Hat OpenShift Container Platform
    • Oracle WebLogic Server
    • IBM WebSphere Application Server

    Now you have an overview. Let's get down to business.

    Install Decision Manager and the Business Central server

    If you have a Red Hat subscription, it is recommended that you download Decision Manager from the Red Hat product downloads site. Otherwise, you can download Decision Manager from Red Hat Developer.

    The installation in this example is based on JBoss EAP. The operating system is Red Hat Enterprise Linux (RHEL) 7.

    Step 1: Install OpenJDK

    Before proceeding with the Red Hat Decision Manager installation, we'll install OpenJDK for RHEL 7. See the Red Hat Decision Manager documentation to learn more about supported configurations.

    Enter the following to install the Red Hat build of OpenJDK:

    $ sudo yum install java-11-openjdk-devel

    Step 2: Check the installation

    Check whether your OpenJDK installation was successful:

    $ java -version
    
    openjdk version "11.0.10" 2021-01-19 LTS
    
    OpenJDK Runtime Environment 18.9 (build 11.0.10+9-LTS)
    
    OpenJDK 64-Bit Server VM 18.9 (build 11.0.10+9-LTS, mixed mode, sharing)

    Step 3: Create a non-root user

    Now, create a non-root user:

    $ id -u jboss &>/dev/null || sudo useradd -m -d /home/jboss jboss

    Step 4: Set up a directory for installing JBoss EAP

    Set up your installation directory as follows:

    $ sudo -u jboss mkdir -p /opt/redhat/rhdm

    Step 5: Download and extract JBoss EAP

    Next, download JBoss EAP:

    $ sudo -u jboss unzip <download-location>/jboss-eap-7.3.x.zip -d /opt/redhat/rhdm

    Note: It is recommended to install any patches that are present for the version of JBoss EAP that you install.

    Step 6: Create a JBOSS_HOME environment variable

    To refer to the /opt/redhat/rhdm/jboss-eap-7.3.x directory conveniently, you need to create a JBOSS_HOME environment variable:

    $ export JBOSS_HOME=/opt/redhat/rhdm/jboss-eap-7.3.x
    $ echo 'export JBOSS_HOME="/opt/redhat/rhdm/jboss-eap-7.3.x"' >> ~/.bashrc
    $ source ~/.bashrc

    Step 7: Create an admin user in JBoss EAP

    Create your admin user as follows:

    $ sudo -u jboss $JBOSS_HOME/bin/add-user.sh -a --user bcadmin \
    --password changeme --role admin,rest-all,kie-server

    Step 8: Install Business Central on JBoss EAP

    Unzip and copy the Business Central deployable to your JBoss EAP instance:

    $ unzip -qo <download-location>/rhdm-7.11.1-decision-central-eap7-deployable.zip \
    -d <download-location>/tmp
    $ sudo -u jboss cp -rf <download-location>/tmp/jboss-eap-7.3/* $JBOSS_HOME

    Step 9: Deploy the WAR file

    Next, create a .dodeploy marker file to deploy the WAR file:

    $ sudo -u jboss touch $JBOSS_HOME/standalone/deployments/decision-central.war.dodeploy

    Step 10: Start the JBoss server

    Now, you can start the server:

    $ sudo -u jboss $JBOSS_HOME/bin/standalone.sh -c standalone-full -b 0.0.0.0

    Step 11: Verify the installation

    Finally, visit http://localhost:8080/decision-central/ and log in using your credentials. For these examples, the credentials are user bcadmin and password changeme.

    Note: For non-workstation environments, it is recommended to create a service to start the JBoss EAP instance.

    Install the Decision Server

    To start this installation, simply repeat Steps 1 through 6 from the Business Central section, replacing Business Central with Decision Server for each step. Once you've done that, you can proceed to the next steps, as follows.

    Step 7: Create an admin user in the JBoss EAP instance

    Enter the following to create the admin user:

    $ sudo -u jboss $JBOSS_HOME/bin/add-user.sh -a --user kieadmin --password changeme --role kie-server

    Step 8: Install Decision Server on JBoss EAP

    Unzip and copy the Decision Server deployable to the JBoss EAP instance:

    $ sudo unzip /<download-location>/rhdm-7.11.1-kie-server-ee8.zip /opt/tmp/Software
    $ sudo -u jboss cp -r /<download-location>/kie-server.war/  $JBOSS_HOME/standalone/deployments/

    Step 9: Deploy the WAR file

    Create a .dodeploy marker file to deploy the WAR file:

    $ sudo -u jboss touch $JBOSS_HOME/standalone/deployments/kie-server.war.dodeploy

    Step 10: Register KIE to Business Central

    On the KIE/Decision Server, enter the following command:

    $ $JBOSS_HOME/bin/jboss-cli.sh
    
    [disconnected /]embed-server --server-config=standalone-full.xml --std-out=echo
    
    [standalone@embedded /] /system-property=org.kie.server.id:add(value=kie-server1)
    
    {"outcome" => "success"}
    
    [standalone@embedded /] /system-property=org.kie.server.controller.user:add(value="bcadmin")
    
    {"outcome" => "success"}
    
    [standalone@embedded /] /system-property=org.kie.server.controller.pwd:add(value="changeme")
    
    {"outcome" => "success"}
    
    [standalone@embedded /] /system-property=org.kie.server.controller:add(value="https://bc-host:8443/decision-central/")
    
    {"outcome" => "success"}
    
    [standalone@embedded /] /system-property=org.kie.server.location:add(value="https://kie-host:8443/kie-server/services/")
    
    {"outcome" => "success"}

    Step 11: Connect Business Central and Decision Server

    On the Business Central server, enter the following command to accept connections from the Decision Server:

    $ $JBOSS_HOME/bin/jboss-cli.sh
    
    [disconnected /]embed-server --server-config=standalone-full.xml --std-out=echo
    
    [standalone@embedded /] /system-property=org.kie.server.user:add(value="kieadmin")
    
    {"outcome" => "success"}
    
    [standalone@embedded /] /system-property=org.kie.server.pwd:add(value="changeme")
    
    {"outcome" => "success"}

    Step 12: Restart your servers

    As the final step in this section, you can restart the Decision Server and Business Central servers.

    Create a self-signed certificate (optional)

    If you are using a CA-signed certificate, you can skip this section.

    Step 1: Generate a key

    To start, generate a key without any password:

    $ sudo -u jboss mkdir -p /opt/redhat/ca-cert/
    $ cd /opt/redhat/ca-cert/
    $ sudo -u jboss cp /etc/pki/ca-trust/extracted/java/cacerts .
    $ keytool -genkeypair -alias jboss -keyalg RSA -keystore cacerts -storepass changeit
    
    What is your first and last name?
    
    [Unknown]: com.redhat.pramod.dev
    
    What is the name of your organizational unit?
    
    [Unknown]: consulting
    
    What is the name of your organization?
    
    [Unknown]: Red Hat
    
    What is the name of your City or Locality?
    
    [Unknown]: Sydney
    
    What is the name of your State or Province?
    
    [Unknown]: NSW
    
    What is the two-letter country code for this unit?
    
    [Unknown]: AU
    
    Is CN=com.redhat.pramod.dev, OU=consulting, O=Red Hat, L=Sydney, ST=NSW, C=AU correct?
    
    [no]: yes
    
    Enter key password for <jboss>
    
    (RETURN if same as keystore password):

    Step 2: Verify the key

    Now, verify the key:

    $ keytool -list -keystore cacerts

    Step 3: Generate a certificate signing request

    Enter the following to generate a certificate signing request:

    $ keytool -certreq -keyalg RSA -alias jboss -keystore cacerts -file certreq.csr

    That's it; you've completed the process to create a self-signed certificate.

    Configure HTTPS on both servers

    The last step is to configure HTTPS on both the Business Central and Decision Server servers. We'll start with Business Central.

    Step 1: Export a certificate

    You'll need a certificate from the keystore. Export it as follows:

    $ keytool -export -alias jboss -keystore cacerts -file server.crt

    Step 2: Import the certificate

    There are two ways to import the certificate. If you are using the .pfx file, enter the following command:

    $ keytool -v -importkeystore -srckeystore client-key.pfx \
    -srcstoretype PKCS12 -destkeystore cacerts -deststoretype JKS \
    -srcstorepass client-password -deststorepass changeit \
    -destalias servercert -srcalias client-key-alias-in-pfx \
    -destkeypass changeit

    If you are not using the .pfx file, import the signed certificate along with any intermediate certificates:

    $ keytool -import -keystore cacerts -alias intermediateCA -file intermediate.ca
    $ keytool -import -alias servercert -keystore cacerts -file server.crt

    Note: Use the servercert alias in the above command.

    Step 3: Test the import

    Test that your certificates were imported successfully:

    $ keytool -list -v -keystore cacerts -storepass changeit | grep servercert -i

    Step 4: Add your new HTTPS configuration

    Now, remove the default HTTPS configuration and add the new one:

    $ /core-service=management/security-realm=CertificateRealm:add()
    $ /core-service=management/security-realm=CertificateRealm/server-identity=ssl:add(alias="servercert",keystore-password=changeit, keystore-path="/opt/redhat/ca-cert/cacerts")
    $ /core-service=management/security-realm=CertificateRealm/authentication=truststore:add(keystore-path="/opt/redhat/ca-cert/cacerts",keystore-password=changeit)
    $ /subsystem=undertow/server=default-server/https-listener=https:remove
    $ /subsystem=undertow/server=default-server/https-listener=https:add(security-realm=CertificateRealm, secure=true, socket-binding=https,enabled-protocols="TLSv1.1,TLSv1.2")
    $ exit

    After you've added the HTTP configuration, restart the JBoss EAP server. Then, repeat Steps 1 through 4 for the Decision Server.

    Step 5: Validate the certificate on both servers

    As the final step in this exercise, you can validate that the certificate is installed correctly on the Business Central and Decision Server servers by visiting their respective websites: https://bc-host:8080 and https://kie-host:8080.

    Next steps with Red Hat Decision Manager

    If you have reached this point in the exercise, you have successfully installed the certificate in your Decision Manager servers. As a future exercise, we could automate these steps using a tool such as Red Hat Ansible Platform or Terraform.

    The following resources can help you make the most of Red Hat Decision Manager:

    • Overview of Red Hat Decision Manager
    • Datasheet for Red Hat Decision Manager
    • Installing and Configuring Red Hat Decision Manager
    • Download page for Red Hat Process Automation Manager
    Last updated: September 27, 2024

    Related Posts

    • Domain-specific Prometheus metrics with Red Hat Process Automation Manager and Decision Manager

    • Enabling CI/CD for Red Hat Decision Manager on OpenShift

    • Detecting credit card fraud with Red Hat Decision Manager 7

    Recent Posts

    • How Trilio secures OpenShift virtual machines and containers

    • How to implement observability with Node.js and Llama Stack

    • How to encrypt RHEL images for Azure confidential VMs

    • How to manage RHEL virtual machines with Podman Desktop

    • Speech-to-text with Whisper and Red Hat AI Inference Server

    Red Hat Developers logo LinkedIn YouTube Twitter Facebook

    Products

    • Red Hat Enterprise Linux
    • Red Hat OpenShift
    • Red Hat Ansible Automation Platform

    Build

    • Developer Sandbox
    • Developer Tools
    • Interactive Tutorials
    • API Catalog

    Quicklinks

    • Learning Resources
    • E-books
    • Cheat Sheets
    • Blog
    • Events
    • Newsletter

    Communicate

    • About us
    • Contact sales
    • Find a partner
    • Report a website issue
    • Site Status Dashboard
    • Report a security problem

    RED HAT DEVELOPER

    Build here. Go anywhere.

    We serve the builders. The problem solvers who create careers with code.

    Join us if you’re a developer, software engineer, web designer, front-end designer, UX designer, computer scientist, architect, tester, product manager, project manager or team lead.

    Sign me up

    Red Hat legal and privacy links

    • About Red Hat
    • Jobs
    • Events
    • Locations
    • Contact Red Hat
    • Red Hat Blog
    • Inclusion at Red Hat
    • Cool Stuff Store
    • Red Hat Summit

    Red Hat legal and privacy links

    • Privacy statement
    • Terms of use
    • All policies and guidelines
    • Digital accessibility

    Report a website issue