SSL Certificate for local web server

Is it at all possible to create a self-signed certificate for use on multiple machines on a local network which would stop the browser complaining it is not a trusted site?

We have a product which is basically a computer running lighttpd to serve a web interface for configuring the computer (sort of how a router has a web interface). There can also be many of these machines running on the same network with dynamic IP’s. What I basically want to do is enable SSL for extra security but I don’t want people who are on the local network to be given a browser warning about the certificate not being trusted.

Is this at all possible?

Related:

Simplify Operations on a Large Scale

Features and Capabilities

Cisco UCS Central Software extends the capabilities and concepts of Cisco UCS Manager across multiple Cisco Unified Computing System (Cisco UCS) domains in one or more physical locations.

With an enhanced HTML 5 user interface available in seven languages, you can work easily on a global scale to provide configuration capabilities for pools, policies, and firmware. Administrators can follow a define-once-deploy-many-times workflow for their infrastructure to increase operational efficiency.

Subject matter experts can promote global policy compliance by choosing the resource pools and policies that need to be enforced globally or managed locally. Cisco UCS Central supports the entire Cisco UCS and Cisco HyperFlex portfolio, as well as the full family of Cisco UCS Fabric Interconnects and all current Cisco UCS fabric interconnects.

Key Benefits

  • Global administrative policies can enable global and local management of Cisco UCS domains to promote consistency and standardization across domains.
  • Centralized inventory and health status with dashboard and reports help you more easily monitor distributed environments and provide a consistent view of the entire Cisco UCS infrastructure.
  • Policy-based server definitions can be standardized and deployed across domains and physical locations.
  • Policy-based firmware upgrades can be applied globally or selectively through automated schedules or as business workloads demand.

Key Features

  • Globalization allows you to migrate existing policies and profiles from Cisco UCS Manager to globalized configuration and take full advantage of all the capabilities of Cisco UCS Central.
  • Global search lets you easily search through thousands of servers, policies, and other elements of configuration.
  • Cisco UCS global service profiles and templates enable fast and simplified infrastructure deployment and help ensure consistency.
  • Health status, logs, and inventory of all Cisco UCS components facilitate rapid problem resolution.
  • Hardware compatibility reports allow you to quickly understand if your current or desired firmware versions are validated with OS and Driver versions.
  • Keyboard, video, and mouse (KVM) manager allows admins to launch KVM sessions anywhere in the Cisco UCS environment.
  • Global ID pooling and multidomain ID visibility eliminate identifier conflicts.

Open and Extensible

Easily extend the functionality of your management tools through a broad partner ecosystem. An open API builds on the Cisco UCS Manager API for easy integration into higher-level data center management frameworks. You can use Cisco UCS Central with the Cisco UCS Platform Emulator to model policies and test changes for large-scale environments without the need for physical hardware.

Related:

  • No Related Posts

mod_security2.so: undefined symbol: ap_unixd_set_gl

service httpd restart
Stopping httpd:                                            [  OK  ]
Starting httpd: httpd: Syntax error on line 205 of /etc/httpd/conf/httpd.conf: Cannot load /etc/httpd/modules/mod_security2.so into server: /etc/httpd/modules/mod_security2.so: undefined symbol: ap_unixd_set_global_mutex_perms
                                                           [FAILED]

my httpd file:

LoadModule unique_id_module modules/mod_unique_id.so
LoadFile /usr/lib/libxml2.so
#LoadFile /usr/lib/liblua5.1.so
LoadModule security2_module modules/mod_security2.so

any ideas? google has nothing.

I followed these guidelines:
https://github.com/SpiderLabs/ModSecurity/wiki/Reference-Manual#wiki-SVN_Access

Apache is 2.2.15
PHP is 5.3.3

I installed apache/php via yum

Related:

Protocol error when trying to SFTP from server to server

I am hitting a Protocol error while trying to SFTP from one server to another. I have tried to search up Google to no avail. May i know if anyone can help me with this.

rel@kingfisher:/kingfisher_bft/hme/rel>  sftp relst@111.32.171.172
Need basic cursor movement capability, using vt100
error: Could not open connection to `rel@111.32.171.172': Protocol error

Related:

Diagnosing network latency issues

I have two servers both with gigabit network cards that were experiencing severe latency issues communicating with one another. The culprit eventually turned out to be that one of the servers was patched into a 100mb switch port.

pinging the servers always returned <1ms

Is there a tool that could show the actual latency / rate of transfer between the servers compared to the maximum that should be possible?

Related:

Learn About the New Cisco Aironet Series 1600 Access Point

Designed with rapidly evolving mobility needs in mind, the 802.11n-based Aironet 1600 Series offers small and midsized enterprises an entry-level wireless access point with advanced features. With the Aironet 1600 Series, customers can modernize their network to handle today’s explosion of more clients, applications, and bandwidth demands.

The 1600 Series offers the advantage of 802.11n enterprise-class performance with 3×3 multiple-input, multiple-output (MIMO) technology with two spatial streams-ideal for small and midsized enterprises.

It provides efficient wireless coverage through Cisco ClientLink 2.0, CleanAir Express*, and Cisco Wireless VideoStream technologies. Cisco ClientLink 2.0 on the Aironet 1600 Series works to improve downlink performance and range for most mobile devices, while improving battery life on devices such as smartphones and tablets.

Cisco Aironet 1600 Series Access Points are designed to help ensure an interference-free, high-speed, wireless experience.

Features and Capabilities

  • Entry-level access point for small to midsized organizations, including retail, manufacturing, education, and branch offices
  • Attractive price and performance for migrating to 802.11n
  • Up to six times more capacity to support applications and clients than legacy 802.11a/b/g networks
  • Cisco ClientLink 2.0 for better downlink performance and range and longer battery life on mobile devices
  • Cisco CleanAir Express* for proactive spectrum intelligence to address RF interference problems
  • Limited Lifetime Hardware Warranty, including 10-day advance hardware replacement

Wireless innovations include:

  • Cisco ClientLink 2.0 technology
  • Cisco VideoStream technology
  • Cisco Bandselect
  • CleanAir Express*

*Available through future software updates.

Related:

  • No Related Posts

Removing/modifying LDAP objectclasses/attributes using olc

I’m having trouble using openldap’s olc to modify a schema without shutting down the server. To test some things out, I made the following schema:

objectIdentifier tests        orgUlyssisOID:4
objectIdentifier testAttribute    tests:1
objectIdentifier testObjectClass  tests:2

attributeType ( testAttribute:1 NAME 'attr1'
        DESC 'attribuut 1'
        SYNTAX '1.3.6.1.4.1.1466.115.121.1.40' )

attributeType ( testAttribute:2 NAME 'attr2'
        DESC 'attribuut 2'
        SUP userPassword
        SINGLE-VALUE )

objectclass ( testObjectClass:1 NAME 'class1'
    DESC 'objectclass 1'
    SUP top
    STRUCTURAL 
    MUST (attr1 $ attr2 ) )

And added it to a new schema called test. (cn={9}test.ldif in cn=schema).
Now I can’t seem to figure out how to delete class1 from that schema.
I use the following LDIF (and tried lots of variations too, to no avail)

dn : cn={9}test,cn=schema,cn=config
changetype: modify
delete: olcObjectClasses 
olcObjectClasses: ( testObjectClass:1 NAME 'class1' DESC 'objectclass 1' SUP top STRUCTURAL MUST ( attr1 $ attr2 ) )

Running ldapmodify -x -W -D cn=admin,cn=config -f test.ldif -d 0 gives no output. -d 1 gives this:

ldap_create
ldap_sasl_bind
ldap_send_initial_request
ldap_new_connection 1 1 0
ldap_int_open_connection
ldap_connect_to_host: TCP localhost:389
ldap_new_socket: 4
ldap_prepare_socket: 4
ldap_connect_to_host: Trying 127.0.0.1:389
ldap_pvt_connect: fd: 4 tm: -1 async: 0
ldap_open_defconn: successful
ldap_send_server_request
ber_scanf fmt ({it) ber:
ber_scanf fmt ({i) ber:
ber_flush2: 38 bytes to sd 4
ldap_result ld 0x7f2a8ccf3430 msgid 1
wait4msg ld 0x7f2a8ccf3430 msgid 1 (infinite timeout)
wait4msg continue ld 0x7f2a8ccf3430 msgid 1 all 1
** ld 0x7f2a8ccf3430 Connections:
* host: localhost  port: 389  (default)
  refcnt: 2  status: Connected
  last used: Mon Sep 10 11:29:57 2012


** ld 0x7f2a8ccf3430 Outstanding Requests:
 * msgid 1,  origid 1, status InProgress
   outstanding referrals 0, parent count 0
  ld 0x7f2a8ccf3430 request count 1 (abandoned 0)
** ld 0x7f2a8ccf3430 Response Queue:
   Empty
  ld 0x7f2a8ccf3430 response count 0
ldap_chkResponseList ld 0x7f2a8ccf3430 msgid 1 all 1
ldap_chkResponseList returns ld 0x7f2a8ccf3430 NULL
ldap_int_select
read1msg: ld 0x7f2a8ccf3430 msgid 1 all 1
ber_get_next
ber_get_next: tag 0x30 len 12 contents:
read1msg: ld 0x7f2a8ccf3430 msgid 1 message type bind
ber_scanf fmt ({eAA) ber:
read1msg: ld 0x7f2a8ccf3430 0 new referrals
read1msg:  mark request completed, ld 0x7f2a8ccf3430 msgid 1
request done: ld 0x7f2a8ccf3430 msgid 1
res_errno: 0, res_error: <>, res_matched: <>
ldap_free_request (origid 1, msgid 1)
ldap_parse_result
ber_scanf fmt ({iAA) ber:
ber_scanf fmt (}) ber:
ldap_msgfree
ldap_free_connection 1 1
ldap_send_unbind
ber_flush2: 7 bytes to sd 4
ldap_free_connection: actually freed

So no real indication of an error. Where am I doing it wrong?
Bonus question: If I have some entries of a certain objectclass, can I modify it (add/remove attributeTypes) without removing the entries?

Thanks in advance for all help.

Related: