Every cleanse function created and used in a Reltio configuration must pass certification for performance and other aspects before it can be used and deployed in production.

Consider the followings steps when passing the certification process.

1. Certification by Reltio DEV - Ensure that the following points are taken care of:
   1. Does not contain memory leaks
   2. Does not contain exploits
   3. Does not contain attempts to work with file system, network, and any other slow devices (do not contain Reltio classes)
2. Certification by Reltio QA - It must be tested using a test harness created by the QA for performance before being used in live environments on the Reltio Connected Cloud. While doing so, the following points must be taken care of:
   1. Record average time to execute and response time
   2. Minimum throughput of 1000tps
   3. Latency of less than 10ms
   4. Multi-threaded
   5. Location to deploy (maybe on Elastic Beanstalk for auto-scaling)
   6. Executable from Java
3. Compile and sign JAR file(s) with the cleanse function implementation
   1. The cleanse function must be verified by the Reltio Dev and QA teams and then be compiled into JAR file(s).
   2. The person responsible for signing the cleanse function JAR file(s), must prepare the Java key store with the certificate to sign (for example, https://docs.oracle.com/cd/E19509-01/820-3503/ggfen/index.html).
   3. The compiled JAR file(s) must be signed using the certificate (using jarsigner -keystore <path to.keystore> -storepass <password to .keystor> <path to jar file> <certificate alias>).
   4. Copy the keystore file to all Reltio API environments that require certificate validation for cleanse functions.
4. Each API instance must be configured with the following System Properties:

   Table 1. System Properties

   System Property	Required	Details
   JAR_VERIFIER_KEYSTORE_TYPE	No (Optional)	Must be "JKS"
   JAR_VERIFIER_KEYSTORE_PATH	Yes	Path to the key store file
   JAR_VERIFIER_KEYSTORE_PASS	Yes	Password for the key store file
   JAR_VERIFIER_CERTIFICATE_ALIAS	Yes	Alias of a certificate that was used to sign the JAR files (export JAVA_OPTS="$JAVA_OPTS... -DloqateDefaultCountry=USA...")