I work primarily on a macbook, (it’s usually perched on my lap while I work). My current (and my first) macbook had magsafe charging, which is a nice feature, but when you work with a laptop on your knee you are constantly knocking the magsafe charger, which results in an annoying ‘I’m NOT charging, and now I AM charging again’ noise (I can cope with). But as soon as it’s on battery power it dims the screen which would not be a problem if it turned the brightness back up when main power resumes!
Here’s how to STOP that from happening,
Solution: Mac Screen Dim
Click the ‘Apple Logo’ (top left of your screen) > System Settings > Battery > Options.
Disable/Deselect ‘Slightly dim the display on battery > Done.
For something that’s annoyed me for a while. that was a remarkably easy fix.
Related Articles, References, Credits, or External Links
I had to update the ‘self-signed‘ certificate on my VMware vCenter today, but when I went to browse to it, I got this.
Net:: ERR_CERT_AUTHORITY_INVALID
Well yes of course I don’t trust the CA that issued this certificate it’s a self-signed certificate! So HOW DO I TRUST IT?
Solution : Bypass Blocked Certificate
The answer I didn’t believe when I read it – because it sounds like an IT Department prank, but it works. Make sure you have clicked into the page somewhere, so it is the window that’s in focus and, type the following on your keyboard.
thisisunsafe
The website will open.
Note: If you are in an inPrivate browsing window, it will only persist in that session, but for normal browsing the site will be added to the “allowed” website list.
Related Articles, References, Credits, or External Links
This post was written because of a follow up question in this article. How do you go about convert certificates? Sometimes you get a certificate issued or sent toy you that is in a format you cannot import, so you need to convert it. Regardless of whether you are a mac/Linux user or a Windows user, the tool that I find best to use is OpenSSL.
OpenSSL is built into macOS to use OpenSSL on Windows you need to download, install, then run the openssl.exe (usually form command line, but you can also run from PowerShell (Note: See comment below if you intend to use PowerShell).
Linux Note: To install OpenSSL, different flavours of Linux differ e.g. sudo apt-get install openssl should work in most cases.
Windows Note: Remember to change to the directory in which OpenSSL.exe resides before executing the following command(s). See the Windows Examples for clarification.
Solution : Convert Certificates
The most common form of issued x509 certificates have a .crt or a .cer extension, CRT is based on DERDistinguished Encoding Rules, and the other (CER) is based on PEMPrivacy Enhanced Mail. OpenSSL can convert form one to the other. Note: Below I’ve shown the process on my mac and a Windows PC to illustrate the process is the same.
Convert Certificates CRT to CER
Use the following Syntax to convert from CRT to CER format. (Change the values in Red to match your source and destination certificate locations).
[box]
openssl x509 -inform PEM -outform DER -in /Users/petelong/CERTS/Source-Certificate.crt -out /Users/petelong/CERTS/Output-Certificate.cer
[/box]
Convert Certificates CER to CRT
Use the following Syntax to convert from CER to CRT format. (Change the values in Red to match your source and destination certificate locations).
[box]
openssl x509 -inform DER -outform PEM -in /Users/petelong/CERTS/Source-Certificate.cer -out /Users/petelong/CERTS/Output-Certificate.crt
[/box]
Convert Certificates CRT to PEM
Disclaimer: This is a bit of a misnomer, because .crt certificates are already in PEM format. You can simply open a .crt file and view it as a PEM file. Use the following Syntax to view a CRT in PEM format. (Change the values in Red to match your source and destination certificate locations).
[box]
Linux / macOS
cat /Users/petelong/CERTS/My-Certificate.crt
Windows
type C:/Certs/My-Certificate.crt
[/box]
Then copy the ‘text’ as shown in the examples above. DO NOT include any additional spaces (as shown above). And you have a PEM file you can paste this into a text editor and save it with a .pem extension if you need to ‘send’ it somewhere.
Can I simply rename .crt to .pem (YES YOU CAN)
Convert Certificates CER to PEM
This is slightly more complicated as .cer files are in DER format, if you try and open one with a text editor you will simply see gobbledegook. So you need to convert it into PEM format with he following syntax.
[box]
openssl x509 -inform DER -outform PEM -in /Users/petelong/CERTS/My-Certificate.cer -out /Users/petelong/CERTS/PEM-Certificate.pem
[/box]
Once that’s done (as above) you can simply open the .pem file in a text editor or cat (mac/Linux) or type (Windows) the content.
Converting Certificates (PowerShell)
Be Aware: When calling OpenSSL form a PowerShell command, you need to prefix the command with a ‘dot slash’ see the examples below for clarification.
Related Articles, References, Credits, or External Links
Teams for Mac Spellcheck Not Working KB ID 0001842
Problem
I’m running Teams for Mac (Microsoft Teams Classic) and this has happened a couple of times now. My spelling is terrible, so I tend to just type furiously and then go back and fix my spelling mistakes. As with all ‘office based’ application it helpfully underlined all the typos in red, then USUALLY I can right click and correct them.
Each time it breaks I can see what has been misspelled but the right click menu does not appear, like so
Solution: Teams for Mac Spellcheck Not Working
The first time this happened I simply changed languages from English (US) to English (United Kingdom) and the problem went away. But it returned today.
I had to run the following command (Warning: This will drop all your Teams personal settings and you will need to re-authenticate). Firstly quit Teams if it’s still running, then execute the following command, (in Terminal)
Certified working all the way up to macOS Ventura version 13.6
Certified working all the way up to macOS Sonoma version 14.1
I thought my RoyalTSX had broken today, I upgraded it a couple of weeks ago, and I upgraded to macOS Catalina 10.15 the other day. After this, all my SSH sessions refused to connect with this error;
Unable to negotiate with x.x.x.x port 22: no matching key exchange found. Their offer diffie-hellman-group1-sha1
Note: You may also see the following error;
Unable to negotiate with x.x.x.x port 22: no matching cipher found. Their offer: aes128-cbc,3des-cbc,aes192-cbc,aes256-cbc
Update: 10/04/20: With newer equipment you may see the following error;
Unable to negotiate with x.x.x.x port 22: no matching MAC found Their offer: hmac-sha2-256
Update 08/12/21: With newer Cisco equipment you may see the following error;
Unable to negotiate with x.x.x.x.1 port 22: no matching key exchange method found. Their offer: diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1
Mac SSH Error – Fix
WARNING: My usual fix for this is to edit the macs ssh_configfile directly and allow the older (less secure) connection methods. It has been (correctly) pointed out, that this is the ‘least preferred‘ method, as it will allow these less sure methods for ALL SSH connections. The preferred fix, is to create a new file in your own home folder, with the connection settings for EACH SSH CONNECTION. However, I manage hundreds of firewalls. routers and switches so that method is a little unwieldy for me. But I will include it at the end of the article, for the more security conscious of you.
Not Apple’s fault to be fair, it’s OpenSSH version 7. SHA1 is weak, so support for it has been removed. Which is fine, but all my clients Cisco Firewalls, Routers, Switches are probably all using RSA/SHA1. So until they re all updated I’m going to need to re-enable SHA1.
Open a terminal windows and execute the following;
[box]
sudo nano /etc/ssh/ssh_config
ENTER YOUR PASSWORD
[/box]
Locate the line ‘ # MACs hmac-md5,hmac-sha1,hmac-sha2-256,umac-64@openssh.com,hmac-ripemd160′ and remove the Hash/Pound sight from the beginning, and add the extra hashing algorithm that I’ve shown above in red.
Locate the line ‘ # Ciphers aes128-ctr,aes192-ctr,aes256-ctr,aes128-cbc,3des-cbc’ and remove the Hash/Pound sight from the beginning.
To quit nano, use the Ctrl-X key combination. because you are working on has been modified since the last time you saved it, you will be prompted to save the file first. Type y to save the file.
Theres no reason to reboot, it should work straight away.
But Wait – Theres More!
It’s going to happen every time you upgrade your mac, I’ve started taking a backup of the ssh_config file, then I can just restore it back again, like so;
Using this method you will create a connection (entry) for each asset you want to connect to. This will be saved in your Home directory so if multiple people use the Mac you will need to do this for each user.
Firstly create a config file in you home directory.
[box]
sudo nano ~/ssh/config
[/box]
What this does is create a blank file that you can then create an entry for each of the assets you want to connect to. Firstly specify the hostname, then the settings for that particular asset, like so:
[box]
Host YOUR-SWITCH
User YOUR-USER
port 22
KexAlgorithms +diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
Ciphers +aes128-cbc,3des-cbc,aes192-cbc,aes256-cbc
PubkeyAcceptedAlgorithms +ssh-rsa
HostkeyAlgorithms +ssh-rsa
[/box]
Note: Simply add new host entries at a new line in the SAME config file.
Related Articles, References, Credits, or External Links
One of the things I used to like about using Windows was if I needed to drop to command line, I could (from any given location), by simply right clicking (while pressing CTRL) and selecting ‘Open Command Window Here. On a MAC I have Terminal but thats not an option.
Solution
As with most things on the MAC it is there, you just need to enable it.
1. Apple Logo > System Preferences.
2. Keyboard.
3. Shortcuts > Services > New Terminal at Folder.
4. Now when you right click a folder (or command click), you have ‘New Terminal at Folder’.
5. Et Voila!.
Related Articles, References, Credits, or External Links
I was on a train today, and they were offering free Wi-Fi but despite me being able to connect, I had no internet access. This has happened a few times to me and it’s when I need to connect to a captive portal to get internet access, then no captive portal ever appears.
Note: A captive portal is just a pop up window that you usually see on ‘Free‘ wifi services, so you can ‘Pay‘ for connection, by giving them your details (name, email etc).
No Captive Portal: Solution
Now I could connect with my Android phone and that has a hotspot so I knew the problem was on my Mac, and I had my work iPhone in my bag I could also connect to that and get 4G. But I wanted to bottom out the problem in case I was ever stuck.
Open your network preferences > Select the Wifi connection > Advanced.
Firstly let’s try the obvious, locate the entry that matches the SSID you are trying to connect to , and Delete it > OK > Try again?
In my case the problem was being caused by the fact I had static DNS entries (Google’s DNS servers), this is why the captive portal was never being shown. You cant do a DNS lookup, before you have internet access, and if your DNS servers are on the internet, you can’t resolve the private URL of the captive portal!
Delete all the static DNS entries (dont panic! you will get the correct one dynamically allocated to you.) Once you’ve removed them all > OK > Try again.
Fixed.
Related Articles, References, Credits, or External Links
I needed to get onto a HPE server’s iLO at work today. I was using Firefox and the .Net extensions no longer work, so I was forced to use Java web start. Annoyingly that opened my Windows 10 VM (that runs in VMware Fusion), then it fell over!
So the problem is, I need to be able to ‘RUN‘ jnlp file on my MacBook, but there’s no Java application in the applications folder.
Opening JNLP Files (mac OSX)
Try to execute the jnlp file again, but under ‘Open with” Select Other.
Select your hard drive, then System > Library > CoreServices > JavaLauncher.app > (Tick Do this automatically for files like this from now on.) > Open.
Now the file will get blocked by security (if you’ve done anything technical on a Mac you should know how to get round that) Click the Apple Icon (at the top of your screen) > Preferences > Security and Privacy > General Tab > Open Anyway.
You might get some further Java warnings but you should now be able to run the application.
Related Articles, References, Credits, or External Links
I’ve had to contend with Outlook Search Broken on Windows clients many times, but not being able to search my ‘sent‘ and ‘deleted‘ items has a detrimental effect on my productivity.
Outlook Search Broken Fix
This can happen if the folder/drive that your Outlook profile is in is Blocked/Prevented access by ‘Spotlight’ but in my case that wasn’t the problem.
Close Outlook > Open ‘Finder’ > Go > Go to folder > Paste in the following;
Locate the file called Outlook.sqlite and MOVE it somewhere safe (like your desktop).
Open Outlook and you should see this > Click ‘Repair’.
This can take a while (mine took about an hour, be patient). Eventually Outlook will open and your folders should all ‘resend’ then you can search again.
Alternative Outlook Search Broken Fix
You may also need to ‘bounce‘ the spotlight service, issue the following commands’
[box]
sudo mdutil -a -i off
sudo mdutil -a -i on
[/box]
Related Articles, References, Credits, or External Links