Unix BSD/OS 4.3 Install on Qemu 386


A practical approach for the Qemu 386 install of the operating system from Berkeley Software Design BSD/OS 4.3 (2002). Installing and running a legacy Unix system is a great point of reference concerning the study and appreciation of older operating systems. BSD/OS 3.x to 5.x also install in a very similar way. The audience is experienced Unix and Linux administrators.

CLARIFICATION: This is the BSD/OS 4.3 version for i386 from 2002, and not the classic 4.3BSD Berkeley Unix for the VAX from 1986. For that install visit Install 4.3BSD Berkeley UNIX with VAX780 SimH Emulator and TCP/IP Networking


The copyright declaration as seen inside the mounted ISO download:


BSD/OS Release 4.3
Copyright 2001 Wind River Systems, Inc.
Copyright 1992,1993,1994,1995,1996,1997,1998,1999,2000,2001
	Berkeley Software Design, Inc.

Portions Copyright by other entities, see individual modules for details.

Use of this software is governed by the Wind River Systems, Inc.
Software License.

If you do not accept the terms of this license, immediately return the
distribution to the place of purchase for a full refund. Further
use of the software will be considered to be acceptance of the terms
of the license.


Download 4.3BSD [612MB]: https://archive.org/download/bsdos-4.3/bsdos-4.3-binary.iso

$ mkidr -p /u1/qemu/4.3bsd
$ cd /u1/qemu/4.3bsd
$ wget https://archive.org/download/bsdos-4.3/bsdos-4.3-binary.iso

[Read more…]

Verify OpenSSL TLS 1.2

In an effort to combat cyber crime, major tech companies are advocating encryption for the entire Internet through the free certificate service called “Let’s Encrypt”; meaning that in the not so distant future the following will block public web pages from running browsers:

    * Web paged running on http port 80
    * Web pages with self-signed certificates
    * Web pages with weak encryption
    * Web pages without TLS 1.2 certified encryption
    * Web pages still encrypting with old SSL3

Below find some examples on how to quickly test if your site complies with OpenSSL TLS 1.2.

TLS is supported on OpenSSL 1.0.1 or above. Verify your version:

~$ openssl version
OpenSSL 1.1.1d  10 Sep 2019

Verify a TLS 1.2 enabled website by querying its certificate and spotting its cipher at the bottom. If it returns error handshake messages and no cipher, then it probably does not support TLS 1.2. It should return something like this:

[Read more…]

Apache SSL TLS Certificate Creation Script


Brief notes on how to create an Apache OpenSSL certificate using a bash script under Debian 10. A website that is not encrypted can become a threat to visitors, and often many providers block websites that are not SSL/TLS enabled. The audience is experienced Linux administrators.


    * Root CA certificate = the main self-signed certificate from the Root certificate authority that signs all other certificates or intermediate certificates.
    * Intermediate CA certificate = a certificate created by an intermediate certificate authority (CA), signed by the Root CA.
    * CA Bundle certificate = the merge of Root CA certificate an the Intermadiate CA certificate, valid as a root certificate.
    * Certificate = the certificate received and signed by the Intermediate CA certificate.
    * Certificate Chain = the end certificate, along with the CA Bundle certificate.
    * The intermediate method has more security, so that intrusion of one intermediate certificate authority does not affect the entire root.

The Script

The OpenSSL script below is simple; the variables need to be modified inside. It creates the following (4) four files:

    * Raw private key.
    * RSA private key.
    * CSR, certificate signing request.
    * Self-signed certificate, for testing.

Creating the private key in at least two formats seems like a good idea. Always keep private keys truly private and secure.

[Read more…]