How to create a self signed SSL certificate and how to use it with your web Server.

SSL certificate is the foremost important aspect of any website. If your website is running without the SSL, the modern browsers will stop the users from entering the website. Of course, there are ways to bypass that, at your own risk. As long as your website has no commercial data exchange, sensitive user information, etc, you are still good to run a website without a proper SSL certificate. For example, a blog can run without an SSL. 

Note that Google AdSense accepts websites without SSL. 

But the topic of this post is about Self Signed SSL certificate. How to create one, how to use it, and where to use it. 

Let us see where to use it. For any website which is used for internal purposes, it's always a good idea to use Self Signed SSL, instead of paying for a real SSL certificate. Internal I mean, within a company, team, or for personal uses, for testing purposes, etc. 

Now, let us see how to create a self-signed SSL certificate. 

What you need

A Linux machine. 

OpenSSL utility 

Apache2 Web Server with a sample website. 


Let us start...

Install prereqs. 

You need to install the mod_ssl to enable httpd or Apache to work with SSL certificates.  I am using CentOS-based Linux, so I will use the yum package manager utility. 

Perform all the steps as a non-root user with sudo permission. 

sudo yum install mod_ssl


This should install the SSL module for the httpd services. Please note that in CentOS it is called httpd whereas in Ubuntu it is called as Apache2. 

The certificate and key will be created under the default location. 

sudo mkdir -p /etc/ssl/private

sudo mkdir -p /etc/ssl/certs


Create the certificate and the private key 

Use the below OpenSSL command to create both certificate and private key. The one command does create both files. There is no additional step like creating CSR - Certificate Signing Request. Since this is a self-signed certificate, you are not going through the actual process of getting the certificate singed by the CA - Certification Authority. Examples for CA are, Symantec Inc, DigiCert etc. 


sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/ssl/private/host2-selfsigned.key -out /etc/ssl/certs/host2-selfsigned.crt

This will go into an interactive screen. It will prompt various inputs. 

Refer to the below screenshot for the inputs I have provided. 


Please note that the CN - Common Name should match with your domain, hostname or the IP address, as per your httpd settings for the website. In other words. I have used IP address here. 

If the command is successful, it exits from the OpenSSL interactive session. 

Now check the below locations for certificates. 

For ssl certificate check this location /etc/ssl/certs

For private key check this location /etc/ssl/private

ls -ltr /etc/ssl/private/

-rw-r--r--. 1 root root 1704 Jun 12 17:09 host2-selfsigned.key


ls -ltr /etc/ssl/certs/


-rw-r--r--. 1 root root 1419 Jun 12 17:09 host2-selfsigned.crt


Configure the New SSL certificates in the Apache server 

Create a new config file under /etc/httpd/conf.d/ to configure the Virtual Host and SSL certificate details. 

I am creating the file with the IP address of my host. 

sudo vi /etc/httpd/conf.d/152.70.72.193.conf

<VirtualHost *:443>
ServerName 152.70.72.193
DocumentRoot /var/www/html
SSLEngine on
SSLCertificateFile /etc/ssl/certs/host1-selfsigned.crt
SSLCertificateKeyFile /etc/ssl/private/host1-selfsigned.key
</VirtualHost>


Now check the config files are valid by running 

sudo apachectl configtest

You should get Success OK status. This confirms that all your config files are correct. 

Now restart your httpd. 

sudo systemctl restart httpd.service

Now access the web application URL  https://152.70.72.193/  

If you are accessing the URL for the first time after the certificates are installed, then you will be warned by the browser. It clearly says the website uses an invalid certifiacte. 



Once you accept and click on the continue button, page should load properly as shown below




Notice the https and exclamatory mark and it indicates that there is an SSL certificate but it is not trusted by the browser. 

If the site is taking longer and then times out, check if the http version is working. If the http version is working then you to check if the firewalls are disabled for https ports. 

sudo firewall-cmd --add-service=https

If the output of this command is "success" Then it was an issue with the firewall. Now the page should load. 

Inspect the certificate from the browser. 

Click on the lock icon on the address bar, it says the connection is not secure. Click on more information and it shows the details of the certificate. 


If you want to see the certificate, click on the view certificate. 


How to set Python3 as default interpreter for VS Code | or set any version as default interpreter.

Want to run your python code with a particular python version in Microsoft VS Code? And, make it the default version?
Read on.
Make sure that the required version is installed. You check the available version and the path by running this command.

I am trying this on Apple Mac. It should be similar in Windows Machines as well.

 

Open the VS Code, at the bottom of the screen you will Terminal. If it is not visible, Go to View and then select Terminal.



Check the available python versions and their path. 


 % which python  

/usr/bin/python



 % which python2

/usr/bin/python2



 % which python3 

/Library/Frameworks/Python.framework/Versions/3.7/bin/python3


Next, 


Run this python code to check what version is used by default. 


import platform
print(platform.python_version_tuple())
print(type(platform.python_version_tuple()))



You will get this


('2', '7', '16')

<type 'tuple'>



Now you know the path and versions available.

In the VS code, go to the View menu and select Command Pallete



Now search for Python and you will get all the installed versions of Python.



Then select Python: Select interpreter. You will get all the installed versions of python. Select the one you want to be associated with your script.


Now run the same code again to check what is the default version set.


import platform
print(platform.python_version_tuple())
print(type(platform.python_version_tuple()))


('3', '7', '1') <class 'tuple'>


SOLVED | AdSense Approval Issues and Fixes for Site down or Unavailable | How to Fix

I tried to get an AdSense approval for my site but I got a mail from AdSense saying the site is down or unavailable. But the site is definitely accessible and all the other requirements are taken care of. The site is also very old and the domain itself is 3 years old. There are no issues with page views as well. 


Here is my situation.

I have an approved AdSense for YouTube. I got my blogger site upgrade to a top-level domain. This is the requirement to link your YouTube AdSense to your blogger site.  

I have taken care of all the requirements to apply for the AdSense for my site. 

1. Clean design and unique content. No issue with the design as I have created it using a blogger theme. 

2. About page, Contact Us Page, Privacy Policy Page. These are mandatory 

3. Top-Leve Domain


After applying for the AdSense I got the denial mail and looking at the reason, I was convinced that there must be a small mistake in the Domain setup or blogger settings.   

I tried these things and found the culprit. 

Make sure to check all these steps so that you will not get another denial. 


1. Check if the site is accessible with different combinations of WWW, HTTP and HTTPS 

krishtalk.com

www.krishtalk.com

https://www.krishtalk.com

http://www.krishtalk.com

Note that my site still runs without HTTPS, yet to add SSL certificate.  

All these combinations worked. 

So no issues at this point. 


2. Check the DNS settings from your Domain service provider. All CNAME settings were found to be good. Going wrong here has less chances,  if there are any issues with your domain settings, your site may not be accessible. 

So no issues found yet. 


3. Check if you have custom rebots.txt enabled 

This is one of the major reasons why approval is denied. Check the settings of your blog or you can just check the content of your robots.txt by appending robots.txt to the domain URL

http://www.krishtalk.com/robots.txt

Make sure that your robots.txt is not blocking any of the Google servers. 

This is the default robots.txt from my site. 

User-agent: Mediapartners-Google
Disallow: 

User-agent: *
Disallow: /search
Allow: /

Sitemap: http://www.krishtalk.com/sitemap.xml

checked my blogger settings and custom robots was turned off. 



This is also clean and not the culprit for my approval denial. 


4. Upload your sitemap to Google. 

I had done this before but, I did upload the sitemap.xml again. I am not sure if this will cause any issues. As long as your pages are searched from Google and you are getting the views then this should not be a problem. 

I do not think this was a problem for my site. 


5. While configuring your custom domain you might have selected the option "Redirect Domain". 

You will get an option to redirect your non-www site to www site under the Publishing tab of your blogger settings.  

like  krishtalk.com to www.krishtalk.com


When I checked this setting, it was turned on. I guessed this could be the issue. Since we are providing the non-www site while applying for AdSense. It is better to turn off this redirection. So Google can find and navigate the www site.

My guess was right. After changing this setting,  I again applied for review. After 2 days, I checked the status and it was approved. :) 


Thank you and let me know what worked for you. 


Notes: If you are applying for the AdSense for the first time for your blogger site, then you have to do it from within the blogger's earnings tab. 

If you already have an approved AdSense then you have to have a custom domain and from the AdSense account login, you have to apply for the site approval. 


How to create MS Word document automatically with Excel

MS Word and Excel can do wonders together.  You can do a lot of automation using these 2 applications for your small and medium businesses.  Here is one such solution.  

Generating the MS word report automatically using excel as a data source. Mail merge is used to link data from excel to word. Then a simple macro is used to get the desired record from Excel Spreadsheet.

Download the MS word document and Excel spreadsheet used in this video here

https://drive.google.com/drive/folders/0B4UB3eOhhY26TVdvQ3RucW1zb1E?resourcekey=0-YcGX4_XdYqt_C_dSztvA_A&usp=sharing

If you are not able to access this link, let me know. The link in my YouTube channel was not working, now I have uploaded the files here. 

[SOLVED] MacBook Pro keyboard backlight not working? Check this post

Keyboard backlight not working on your MacBook Pro? And your Mac has a touch bar? 

Continue reading...

MacBook Pro 2020 which comes with a touch bar has moved its Keyboard backlight controls to the touch bar. You will not see any control on the screen under the Keyboard settings. But the setting in the touch bar is also not easy to see and it bit tricky. You most probably, think that there is some issue with Keyboard. Even the support people suggest resetting some of the settings. That is what happened with my case. Luckily I found a way to change the settings. 


By default, the Keyboard backlight settings are not visible on the touch bar. You have to expand the tra-like stuff on the touch bar and then you will find icons, which look similar to screen brightness control icons. 

On the right side of your touch bar, you will these 4 controls

1. Screen Brightness control 

2. Volume control 

3. Mute control 

4. Siri button. 

Left these controls there is an arrow button which looks like '<', by clicking on this, you will see more controls. 


Once you click on the left arrow mark as shown in the above picture, it will open up more controls. 

At the center of the touch bar, you will see controls that look similar to Screen Brightness controls. You can use these to adjust the backlight of the Keyboard. 

How to create self signed ssl certificate, easy steps

 These are the ready commands to create self-signed SSL certificate. These certificates can be used for testing purposes. For a production-grade application, you need to contact a CA authority to get the actual SSL certificate. But for your internal testing, you can always use a self-signed SSL certificate. 


Here are the steps to create a Self Signed SSL certificate using OpenSSL


# generate self sigend ssl certificate


rm -rf *.pem


echo "Generating CA certificates"

# Step 1: generate CAs certificate

openssl req -x509 -newkey rsa:4096 -days 365 -keyout ca-key.pem -out ca-cert.pem -subj "/C=IN/ST=kartnataka/L=bangalore/O=test/OU=test/CN=*.test.com/emailAddress=test@test"

#inspect the CAs certificate

#openssl x509 -in ca-cert.pem -noout -text


# Step 2 generate server sign request certificate which will be used for self signing. Change the subject to as per web server


echo "Generating Server certificate sign request"

openssl req  -newkey rsa:4096 -keyout server-key.pem -out server-req.pem -subj "/C=IN/ST=kartnataka/L=bangalore/O=sever/OU=server/CN=*.server.com/emailAddress=server@test"


#openssl x509 -in server-req.pem -noout -text

# Step 3 Sign certificate


echo "Signing the server certificate with CA"

openssl x509 -req -in server-req.pem -CA ca-cert.pem -CAkey ca-key.pem -CAcreateserial -out server-signed-cert.pem


# Inspect the signed certificate


#openssl x509 -in server-signed-cert.pem -noout -text

How to Fix ImportError: No module named 'flask' with virtualenv

Flask is one of the most used frameworks in Python. If you are new to the flask and if you are getting this error - ImportError: No module named 'flask' on virtualenv, read further.

You are sure that the Flask module is already installed. But still, you are getting No module error. This is because you need to install a flask framework inside the virtualenv.

Follow these instructions


Step 1

Create a directory where you will be installing the virtualenv.

 

krishna@osboxes:~$ mkdir testenv

 

Step 2

Get inside the folder and install virtualenv

krishna@osboxes:~$ cd testenv/

krishna@osboxes:~/testenv$ pip install virtualenv

or

$ sudo apt-get install virtualenv

 

Successfully installed appdirs contextlib2 distlib filelock importlib-metadata importlib-resources pathlib2 scandir singledispatch six typing unknown unknown virtualenv


Step 3

Activate the virtualenv

This virtual environment requires activation and dedicated installation inside the virtual environment. It has to be installed after creating a virtual environment. The libraries will reside inside the folder created for the virtual environment.

 

krishna@osboxes:/tmp/tempenv$ source tempenv/bin/activate

(tempenv) krishna@osboxes:/tmp/tempenv$

 

Please note that you are inside the virtual environment.

Step 4

Install Flask inside the virtual environment

(tempenv) krishna@osboxes:/tmp/tempenv$ pip install Flask

Successfully installed Flask-1.1.2 Jinja2-2.11.2 MarkupSafe-1.1.1 Werkzeug-1.0.1 click-7.1.2 itsdangerous-1.1.0

Make sure that there is Flask package available inside the virtual env folder

 

(tempenv) krishna@osboxes:/tmp/tempenv$ ls -ltr tempenv/lib/python3.5/site-packages/ | grep -i flask

drwxrwxr-x 4 krishna krishna 4096 Aug 22 11:05 flask

drwxrwxr-x 2 krishna krishna 4096 Aug 22 11:05 Flask-1.1.2.dist-info

 

Step 6

Create a generic test.py basic python script to test the Flask

 

from flask import Flask

app = Flask(__name__)

@app.route('/')

def hello_world():

    return 'Hello World!'

if __name__ == '__main__':

    app.run()

 

Execute the python script

(tempenv) krishna@osboxes:/tmp/tempenv$ python test.py

 * Serving Flask app "test" (lazy loading)

 * Environment: production

   WARNING: This is a development server. Do not use it in a production deployment.

   Use a production WSGI server instead.

 * Debug mode: off

 * Running on http://127.0.0.1:5000/ (Press CTRL+C to quit)


How to create a self signed SSL certificate and how to use it with your web Server.

SSL certificate is the foremost important aspect of any website. If your website is running without the SSL, the modern browsers will stop t...