Search found 3 matches
- Mon Jun 17, 2019 4:13 pm
- Forum: Open Source Nagios Projects
- Topic: NRPE doesn't validate the name on TLS certificates
- Replies: 5
- Views: 1374
Re: NRPE doesn't validate the name on TLS certificates
Yes, the CA, cert and key are all correctly configured. If I remove them then it stops working. Verbose logging shows that the certs are being validated against the CA. The problem is that the Common Name on the cert is NOT checked, so ANY valid cert trusted by ssl_cacert_file is accepted and this i...
- Mon Jun 17, 2019 9:04 am
- Forum: Open Source Nagios Projects
- Topic: NRPE doesn't validate the name on TLS certificates
- Replies: 5
- Views: 1374
Re: NRPE doesn't validate the name on TLS certificates
Thanks for the quick reply! Yes, I did get the certs and CA correctly installed at both ends and ssl_client_certs=2 The problem is that neither Nagios nor the client check the Common Name in the cert so it could be ANY system with a signed certificate from that CA that is connecting to NRPE. If you ...
- Mon Jun 17, 2019 8:25 am
- Forum: Open Source Nagios Projects
- Topic: NRPE doesn't validate the name on TLS certificates
- Replies: 5
- Views: 1374
NRPE doesn't validate the name on TLS certificates
Hi Folks, I've setup the latest versions of Nagios, check_nrpe and NRPEd on CentOS 7. I want to use TLS certificates but I found that neither side of the NRPE connection appears to validate the name on the TLS certificate. So, a host running NRPEd will accept ANY certificate that it can validate usi...