I only have one more question: How come if I edit nrpe.cfg with the path of certificates, the command ./check_nrpe -H ip -c command does not work resulting in an ssl handshake error, and when I send the command with certificates option included, it does? check_nrpe does not read the nrpe.cfg. It on...
I forgot to write you, I ran this command as my nagios user too and: nagusr@nagios03:/usr/local/nagios/libexec$ ./check_nrpe -H 192.168.10.219 -C /usr/local/nagios/etc/ssl/client_certs/nag_serv.pem -K /usr/local/nagios/etc/ssl/client_certs/nag_serv.key -A /usr/local/nagios/etc/ssl/ca/ca_cert.pem -c ...
Ok this is hilarious. I was wondering what would happen if I send the ./check_nrpe command with all the options for the certificate as well. Something like: ./check_nrpe -H 192.168.10.219 -C /usr/local/nagios/etc/ssl/client_certs/nag_serv.pem -K /usr/local/nagios/etc/ssl/client_certs/nag_serv.key -A...
Dec 18 11:59:32 ubuntu-test3 nrpe[4841]: Error: Could not complete SSL handshake with : peer did not return a certificate Jumping in a little late, but it looks like there isn't a hostname specified. What was the command you ran to generate this log / response? That piece of log is part of the clie...
I shouldn't post just before going to bed. Both ends should really have certificates. I added an Example section to README.SSL.md. It hasn't been fully vetted yet, so there might be a few problems with it. But it should get you going. https://raw.githubusercontent.com/NagiosEnterprises/nrpe/nrpe-2-...
key, csr and crt are on the server and the client's only got server's crt in its configuration. Isn't it supposed to be like this? Actually, it's a client certificate, so the server only needs the CA certificate, and the client needs all three. (I think. Can't log into my workstation, so I can't ch...
Failing when using certificates @nihvel, it looks like you had ssl_use_adh=2 in your nrpe.cfg file. True, but I also checked with ssl_use_adh=0 and 1 and it does not change, I can't get the certificate working (and again, wireshark is not helping me to double check what passes encrypted and what no...