Websphere SSL - invalid certificate, key identifier is missing from authority key identifier extension

when you tried to access to secured WebService from your Websphere application , and get such error ":org.apache.axis2.AxisFault: 
javax.net.ssl.SSLHandshakeException: com.ibm.jsse2.util.g:PKIX path building failed: java.security.cert.CertPathBuilderException: invalid certificate, key identifier is missing from authority key identifier extension"

you probably need to install the certificate in your web sphere

To establish trusted server-to-server communication for IBM Connections, import signer certificates from IBM HTTP Server into the WebSphere Application Server default trust store.

There are different types of certificates that you can use. This procedure describes how to import a self-signed certificate. You can also import a certificate that you purchased from a third-party Certificate Authority. To help decide a key file strategy for your environment, go the IBM HTTP Server knowledge center.

To import a public certificate from IBM HTTP Server to the default trust store in IBM WebSphere Application Server, complete the following steps:

Procedure

1. Log into the IBM WebSphere Application Server Integrated Solutions Console and select Security > SSL Certificate and key management > Key stores and certificates.
2. Click CellDefaultTrustStore.
3. Click Signer Certificates.
4. Click Retrieve from port.
5. Enter the Host name, SSL Port, and Alias of the web server. The Alias is typically an arbitrary string that will become the name of the credentials.
6. Click Retrieve Signer Information and then click OK. The root certificate is added to the list of signer certificates.
7. If using Tivoli® Access Manager or other proxies, also repeat steps 4-6 for your Tivoli Access Manager or other proxy servers.
8. restart server.

the above is from Adding certificates to the WebSphere trust store

there is another way :

Procedure

export the certificate :

navigate to the url via browser , in the browser click on the certificate , and export it in DER format or base64 format.

save it in accessible path.

1. Log into the IBM WebSphere Application Server Integrated Solutions Console and select Security > SSL Certificate and key management > Key stores and certificates.
2. Click NodeDefaultTrustStore.
3. Click Signer Certificates.
4. Click Add.
5. Enter the Alias of the web server. The Alias is typically an arbitrary string that will become the name of the credentials, and the exported certificate location- described above, choose the right dataType  (DER format or Base64).
6. Then click OK. The root certificate is added to the list of signer certificates.
7. restart server.

TRACE HTTP communication on WebSphere

Problem determination: Debugging HTTP communication using Tracing, HTTP error, and NCSA access log settings | WebSphere .



good article

Parse alternative backend service providers + Push issue

GitHub - relatedcode/ParseAlternatives: A collaborative list of Parse alternative backend service providers.:


Migrate from Parse to NodeChef’s Managed Parse Server

Azure welcomes Parse developers  - i could not migarate my db :(

Migrating-from-Parse-Push-to-Amazon-SNS

i choose NodeChef - very easy to migrate and all is working.

the steps i did:

• upgrade my app to the latest parse SDK.

• Create in google api console server key + enabled GCM 

• i used this article to change my manifast to enabled other services to send push.https://onesignal.com/blog/important-note-for-android-parse-push-users/ - but dont changed the code just add the meta data section into the manifast also described here  - at Parse SDK:  https://parse.com/docs/android/guide#push-notifications-setting-up-push

and boom the push is working

enjoy 

Yaniv Tzanany

OData Services - CodeProject

OData Services - CodeProject:

OData URL sample

http://hldt-yanivt/YanivTZServices/AlisDataService.svc

http://hldt-yanivt/YanivTZServices/AlisDataService.svc/$metadata

//all data
http://hldt-yanivt/YanivTZServices/AlisDataService.svc/t_countries?$format=json

//all id and name
http://hldt-yanivt/YanivTZServices/AlisDataService.svc/t_countries?$select=country_id,country_name&$format=json

//name and id for pk=1
http://hldt-yanivt/YanivTZServices/AlisDataService.svc/t_countries(1)?$select=country_id,country_name&$format=json

//Filter by name
http://hldt-yanivt/YanivTZServices/AlisDataService.svc/t_countries?$select=country_id,country_name&$format=json&$filter=(country_name eq 'Israel')

//Filter by id
http://hldt-yanivt/YanivTZServices/AlisDataService.svc/t_countries?$select=country_id,country_name&$format=json&$filter=(country_id eq 1)

//count
http://hldt-yanivt/YanivTZServices/AlisDataService.svc/t_countries/$count

//order by
http://hldt-yanivt/YanivTZServices/AlisDataService.svc/t_countries?$select=country_id,country_name&$format=json&$orderby=country_name desc


//Insert recort
http://hldt-yanivt/YanivTZServices/AlisDataService.svc/t_countries?$format=json
POST
{
                "_id": 997,
                "_name": "Unknown997",
                "_abbreviation": null,
                "_cee": 0,
                "ent": 0,
                "iban_length": null
}

gmail smtp access from shared hosting

i get error in my code
"The SMTP server requires a secure connection or the client was not authenticated"
i used valid uid  and password for gmail account + SSL enabled   but still get it.

so i figure out that there is two secire links i needed to use:

enable Less Secure app 

and accout access enebled 

and its worked.

enjoy
yaniv tzanany

Everything you ever wanted to know about SSL

Everything you ever wanted to know about SSL (but were afraid to ask) - The Boy Wonders: