Generate and import a Self-Signed SSL certificate on Mac OS X Sierra

Step 1: Verify that you have openssl installed.

$ which openssl
/usr/bin/openssl
$

If not, install openssl using:

$ brew install openssl
$

If you are using Microsoft(r) Windows, checkout http://gnuwin32.sourceforge.net/packages/openssl.htm for details about the openssl package on Windows.

If you using Linux, you can use the default package manager to get the openssl package installed on your box. For example:

# In case of Ubuntu:
$ sudo apt-get install openssl
$

Step 2: Create a RSA private key.

# The below command will create a file named 'server.pass.key' and place it in the same folder where the command is executed. 
$ openssl genrsa -des3 -passout pass:x -out server.pass.key 2048

# The below command will use the 'server.pass.key' file that just generated and create 'server.key'.
$ openssl rsa -passin pass:x -in server.pass.key -out server.key

# We no longer need the 'server.pass.key'
$ rm server.pass.key
$

server.key is a PEM RSA private key. To know more about what is a PEM file and it’s significance, read What is a Pem file and how does it differ from other OpenSSL Generated Key File Formats? at serverfault.com.

Step 3: Create the Certificate Signing Request (CSR) utilizing the RSA private key we generated in the last step.

# The below command will ask you for information that would be included in the certificate. Since this is a self-signed certificate, there is no need to provide the 'challenge password' (to leave it blank, press enter).
$ openssl req -new -key server.key -out server.csr
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:
State or Province Name (full name) [Some-State]:
Locality Name (eg, city) []:
Organization Name (eg, company) [Internet Widgits Pty Ltd]:
Organizational Unit Name (eg, section) []:
Common Name (e.g. server FQDN or YOUR name) []: <provide a CN - usually, FQDN of your site>
Email Address []: <provide the email address to be included in the certificate signing request>

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
$

The ‘challenge password’ is used by the Certificate Authority (CA) to authenticate the certificate owner when they have to revoke the certificate. There is no way to revoke a Self-Signed Certificate via Certificate Revocation List (CRL) (refer: https://devcenter.heroku.com/articles/ssl-certificate-self#generate-private-key-and-certificate-signing-request]

As a result of executing the above command, you will find a file named server.csr (‘csr’ stands for Certificate Signing Request) in the same directory.

Step 4: Generate a file named, v3.ext with the below listed contents:

$ cat v3.ext
authorityKeyIdentifier=keyid,issuer
basicConstraints=CA:FALSE
keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment
subjectAltName = @alt_names

[alt_names]
DNS.1 = <specify-the-same-common-name-that-you-used-while-generating-csr-in-the-last-step>
$

This step is required because when you load the certificate in the Chrome browser, it would display an error portrayed in the below screenshot.

Setting the DNS.1 value in v3.ext file to be same as the Common Name that you mentioned while generating the certificate signing request would resolve the error. Refer https://stackoverflow.com/questions/43665243/chrome-invalid-self-signed-ssl-cert-subject-alternative-name-missing for more details about the subject alternate name missing error and the solution.

  1. Create the SSL Certificate utilizing the CSR created in the last step.
    $ openssl x509 -req -sha256 -extfile v3.ext -days 365 -in server.csr -signkey server.key -out server.crt
    Signature ok
    subject=/C=<country>/ST=<state>/L=<locality>/O=<organization-name>/OU=<organization-unit-name>/CN=<common-name-probably-server-fqdn>/emailAddress=<email-address-provided-while-generating-csr>
    Getting Private key
    $
    

The above command will use the Certificate Signing Request and the RSA Private Key that we generated as part of executing the previous steps and generate a Certificate file named, server.crt (‘crt’ is an abbreviation of ‘Certificate’) and place it in the same directory.

Step 5: Import the newly generated certificate in your Keychain (Mac OSX only).

Since this is a self-signed certificate, the browser would display a warning mentioning that the certificate is self-signed and the website should not be trusted as portrayed in the below-listed screenshot captured on the Chrome browser.

Click the Advanced hyperlink at the bottom of the warning page and click Proceed to hyperlink.

The browser will allow you to proceed and open the homepage but will mark the site as Not-Secure as portrayed in the image below.

To avoid this accepting the self-signed certificate everytime you restart chrome or restart your web server, follow the steps outlined at Google Chrome, Mac OS X and Self-Signed SSL Certificates to add the certificate to your Mac OSX Keychain. Restart Chrome.

Other platforms like Microsoft(r) Windows and Linux have similar techniques to import a certificate into a browser. A quick Google(r) search should be able to provide you with the exact steps based on the browser that you use.

Now Chrome should happily display the green ‘Secure’ icon against the URL when you navigate to your locally deployed website. Also, the Security tab within the Developer Tools should list the site as ‘Secure’ as portrayed in the screenshot below.


References:

  1. Generating a self-signed certificate using OpenSSL
  2. How to create a self-signed certificate with openssl?
  3. Creating a Self-Signed SSL Certificate
  4. What is a Pem file and how does it differ from other OpenSSL Generated Key File Formats?
  5. Chrome: Invalid self signed SSL cert – “Subject Alternative Name Missing”
  6. Google Chrome, Mac OS X and Self-Signed SSL Certificates
Advertisements

Turn GIMP look and feel into Photoshop

If you had ever planned to switch over from Photoshop to GIMP, the first thing that comes to mind is to figure out a way to learn and adjust to a look and feel that is different from Photoshop.

The developers of GIMP have designed the look and feel of GIMP to signify and portray the strengths of GIMP. The default look and feel (after selecting Window => Single-Window Mode) is similar to the screenshot below (captured on MacBook Pro with GIMP 2.8.22 installed).

While there is a learning curve involved in getting used to GIMP, it may help new comers migrating from Photoshop to change the look and feel of GIMP to the one they are used to while using Photoshop.

There are multiple suggestions and tutorials all over the web to help you achieve it. This article outlines one such method that I used to change the theme such that the look and feel is simliar to the one portrayed in the image below.

Step 1: Follow the instructions listed at https://github.com/doctormo/GimpPs/blob/master/README.md to install the excellent GIMP 2.8 Photoshop tweaks by the Deviant Art contributor who goes by the handle, Doctormo. The Deviant Art page that describes the GIMP 2.8 Photoshop tweaks is available at: https://doctormo.deviantart.com/art/Gimp-2-8-Photoshop-Tweaks-432736644.

Installing the tweaks by following the steps listed in the Doctormo’s README not only changes the look and feel of GIMP to that of Photoshop (more like a Photoshop CS6) but also installs the Photoshop keyboard shorts.

Step 2: Unlike Photoshop, by default, GIMP does not snap layers to the grid. To enable this feature, edit the gimprc file. This file can be found either in the ~/Library/Application Support/GIMP/2.8 folder or within the ~/.gimp-2.8 folder. If it does not exist, create one and place it in one of the two folders listed above. Append the below two lines to gimprc and restart GIMP.

(default-snap-to-canvas yes)
(default-snap-to-grid yes)

Credits:
One of the blogs that has heavily influenced the contents of this blog and also the options that I tried out is https://www.pcsteps.com/1566-make-gimp-look-work-like-photoshop/. It contains suggestions on additional changes that can be added to your GIMP installation to turn it more into Photoshop.


References:

  1. How to Make GIMP Look and Work like Photoshop
  2. https://github.com/draekko/gimp-cc-themes
  3. https://github.com/doctormo/GimpPs

How to fix the ‘Experimental Decorator’ warning in Visual Studio Code when working on React-Native codebase?

Recently, I started to work on a React-Native project which used mobx and firebase. As part of building the Authentication Store that would allow me to authenticate a user against the user data stored in the firebase account, I resolved to using the @observable and @action decorators available in as part of the mobx package. As the title of this article hints, Visual Studio Code was used as the IDE during the development.

When these decorators were used, VSCode displayed a warning as depicted below.

It read,

[js] Experimental support for decorators is a feature that is subject to change in a future release. Set the ‘experimentalDecorators’ option to remove this warning.

1.13.1 was the version of the Visual Studio Code in use.

How do we fix this?

  • Create a file, entitled, tsconfig.json (if not already present) in the root directory of your project folder.

    tsconfig.json represents the ‘TypeScript configuration options’ that VSCode is expected to read and apply when the developer is working on the files related to the project that are stored in the sub-folders within the project folder.

  • Add the below content to tsconfig.json (ref: https://stackoverflow.com/questions/31737677/vscode-is-it-possible-to-supress-experimental-decorator-warnings).
  • {
        "compilerOptions": {
            "experimentalDecorators": true,
            "allowJs": true
        }
    }
    
  • The second option, allowJs: true is important.

  • Shutdown (⌘+q) and restart Visual Studio Code.

There are several other options which can be set in the tsconfig.json that affect the behaviour of Visual Studio Code editor. You can read about them in the docs – https://code.visualstudio.com/docs – search for tsconfig.json.


References:

  1. Getting an error for experimental support for decorators with experimentalDecorators enabled #470
  2. –experimentalDecorators flag seemingly not accepted from tsconfig.json #10084
  3. experimentalDecorators Typescript warning always present #8069
  4. How to remove experimentalDecorators warning in VSCode
  5. VSCode: Is it possible to supress experimental decorator warnings

Increase the Key repeat rate in OS X Sierra

Settings on my Macbook Pro:

~ $ defaults read -g InitialKeyRepeat
68
~ $ defaults read -g KeyRepeat
60

The InitialKeyRepeat value represents the ‘Delay Until Repeat option’ in the ‘Keyboard Preferences’ (System Preferences => Keyboard). The KeyRepeat value signifies the value set by the ‘Key Repeat’ option in the ‘Keyboard Preferences’. Below is a screenshot that portrays these options for clarity.

Default key repeat settings in Macbook Pro

‘Key Repeat’ value signifies how quickly the characters repeat when a key is held down.

‘Delay Until Repeat’ option indicates how long to wait before the character is repeated when a key is held down.

To increase the key repeat rate, drag the sliders under ‘Key Repeat’ and ‘Delay Until Repeat’ options all the way to the Right.

Updated key repeat settings

This updates the values as:

~ $ defaults read -g InitialKeyRepeat
15
~ $ defaults read -g KeyRepeat
2

The value of 15 for ‘InitialKeyRepeat’ option indicates that the system waits for 225 milliseconds before repeating a character initially. The value of 2 for ‘KeyRepeat’ tells the system to wait for 30 milliseconds before repeating the character after the initial repetition.

You can also consider using a third party tool like Karabiner (https://pqrs.org/osx/karabiner/), that provides a more flexible way to set these options. Please note, as of Jun 2017, the tool does not support MacOS Sierra, yet.

If you would like to further increase the key repeat speed, you can do it through the command line:

~ $ defaults write -g InitialKeyRepeat -int 10
~ $ defaults write -g KeyRepeat -int 1

The value of 10 for InitialKeyRepeat implies a wait of 112.5 milliseconds before repeating the character for the first time and the value of 1 for KeyRepeat indicates a wait of 10 milliseconds for subsequent repetitions.


References:

  1. How to increase keyboard key repeat rate on OS X?
  2. Karabiner-Elements

Enable web interface to manage printer settings in MacOS Sierra

I use a HP 915 All-in-One Inkjet printer. I like it because of the fact that buying a new cartridge costs almost same as the refilled cartridge. As a result, I always buy a new cartridge when the current ones run out of ink, minus the feeling of being taken for ride by the Printer companies (read: Why Is Printer Ink So Expensive? and All printer ink is more expensive than gold]

The printer settings dialog that can be opened via System Preferences -> Printers and Scanners -> Choose your printer in the list -> Options and Supplies is extremely simplified. This is good for a regular Mac user. But if you need to customize the print output, say, you would like to change the default presets, there is no way to achieve it via the Options and Supplies dialog. This is where enabling the web interface to manage printer settings comes into play.

Mac uses CUPS which is an acronym for Common Unix Printing System. In simpler terms, it’s the network printing service used by Mac. Ideally, it is utilized to setup and configure printers that are connected to the network. In our case, we will use it to configure the printer connected locally to our Mac.

Step 1: Open the terminal and enter the below command.

cupsctl WebInterface=yes

The above command may fail if you are not the root user. In that case, try executing:

sudo cupsctl WebInterface=yes

If you come across an error message that reads, cupsctl: Internal Server Error, you would have to follow the alternative method of enabling WebInterface as described in the Apple Support Forum, here: https://discussions.apple.com/thread/6485634?tstart=0. As listed on the support forum, the alternative is to edit cupsd.conf file located within the /private/../cups folder using a text editor and updating the line that starts with WebInterface no as WebInterface yes (if its not already yes).

Step 2: Open http://localhost:631/printers/ in your browser. You should be able to see the list of printers connected to your machine.

Step 3: After you have updated your printer settings, you can consider disabling the interface by executing:

cupsctl WebInterface=yes
# Or, sudo cupsctl WebInterface=yes

or, updating the cupsd.conf by replacing WebInterface yes as WebInterface no within it.


References:

Spotlight does not list newly installed applications on macOS Sierra

I decided to try the IntelliJ IDEA editor (https://www.jetbrains.com/idea/download/). After installing the editor, I realized that Spotlight did not list it even after several days.

While searching for a solution, it came to my notice that this is a common problem and can be fixed easily. There were several solutions listed on the Internet. The one that worked for me was to open System Preferences -> Spotlight -> Privacy  and add the volume Macintosh HD to the exclude list (volumes / directories that Spotlight will not index for search) and remove it immediately. This solution was listed in one of the threads related to Spotlight at the Apple Support Communities portal (https://discussions.apple.com/thread/2697313?tstart=0).

There were several other solutions that I did not try but found one of them worth mentioning:

Enable display of hidden files and folders in Mac

This article is note to myself. It lists the command to be executed to show hidden files and folder in Mac. As a practice, the names of the Hidden files and folders are prefixed with a period.

Step 1: Open the Terminal – type Cmd + Space followed by terminal in the search box and press return.

Step 2: Within the terminal window, enter the following command and press return.

defaults write com.apple.finder AppleShowAllFiles YES

If you would like to hide hiddens files and folders, type:

defaults write com.apple.finder AppleShowAllFiles NO

Step 3: Relaunch the Finder.

  • Hold the Option + Control keys and click on the Finder icon on the Dock.
  • Select Relaunch in the menu.