Jumping in a little late, but it looks like there isn't a hostname specified. What was the command you ran to generate this log / response?nihvel wrote:Code: Select all
Dec 18 11:59:32 ubuntu-test3 nrpe[4841]: Error: Could not complete SSL handshake with : peer did not return a certificate
I can't understand how nrpe 2.16 should be installed
Re: I can't understand how nrpe 2.16 should be installed
Former Nagios Employee
Re: I can't understand how nrpe 2.16 should be installed
That piece of log is part of the client's log (instead of copy/paste all the rows like I did in the previous posts I just copied the error itself).rkennedy wrote:Jumping in a little late, but it looks like there isn't a hostname specified. What was the command you ran to generate this log / response?nihvel wrote:Code: Select all
Dec 18 11:59:32 ubuntu-test3 nrpe[4841]: Error: Could not complete SSL handshake with : peer did not return a certificate
Both: after this query from the server ./check_nrpe -H 192.168.10.219 And scheduled hosts check (or from nagios's website when you force recheck of sensor too) = common nrpe checks -- I get this error.
But before the error was different because the certificates were not matching. Thanks to your sample instead I guess I'm closer than before to resolution of the problem, but still I don't know why this error appear.
During the creation of the certificate, I set the server's common name as the ip of the server: 192.168.10.215 and client's common name as 192.168.10.219
If i run: hostname - the machines will reply; nagios02 /server AND ubuntu-test3 /client (yes that one in the error).
Hosts file is not modified and I'm not using internal dns :/
Don't worry if you're late replying! I noticed we're in different time zones and anyway you're already helping me a lot to checks whats wrong (:
EDIT: I wanted to be sure that I've done everything correct and I setup a new server, nagios03. I still get " Error: Could not complete SSL handshake with : peer did not return a certificate" from client's log.
Re: I can't understand how nrpe 2.16 should be installed
Ok this is hilarious.
I was wondering what would happen if I send the ./check_nrpe command with all the options for the certificate as well. Something like:
Guess what?
Client log
And, of course, the result is:
######################
This is the hilarious part:
When sending
The client log is back to:
I mean.. why? Why me?
So I tried to edit the nrpe command to:
And from one of my hosts configuration:
The client's got
From the nagios web interface the error is:
Of course it can not use, that is the path of the server certificate.
Sending the command from the server works (as shown before), doesn't work when I write it down as configuration. What do I miss??
I was wondering what would happen if I send the ./check_nrpe command with all the options for the certificate as well. Something like:
Code: Select all
./check_nrpe -H 192.168.10.219 -C /usr/local/nagios/etc/ssl/client_certs/nag_serv.pem -K /usr/local/nagios/etc/ssl/client_certs/nag_serv.key -A /usr/local/nagios/etc/ssl/ca/ca_cert.pem -c check_mem
Client log
Code: Select all
Dec 21 12:49:02 ubuntu-test3 xinetd[5805]: xinetd Version 2.3.15 started with libwrap loadavg options compiled in.
Dec 21 12:49:02 ubuntu-test3 xinetd[5805]: Started working: 1 available service
Dec 21 12:49:05 ubuntu-test3 nrpe[5811]: SSL Certificate File: /usr/local/nagios/ssl/db_server.pem
Dec 21 12:49:05 ubuntu-test3 nrpe[5811]: SSL Private Key File: /usr/local/nagios/ssl/db_server.key
Dec 21 12:49:05 ubuntu-test3 nrpe[5811]: SSL CA Certificate File: /usr/local/nagios/ssl/ca_cert.pem
Dec 21 12:49:05 ubuntu-test3 nrpe[5811]: SSL Cipher List: ALL:!MD5:@STRENGTH
Dec 21 12:49:05 ubuntu-test3 nrpe[5811]: SSL Allow ADH: Allow
Dec 21 12:49:05 ubuntu-test3 nrpe[5811]: SSL Client Certs: Require
Dec 21 12:49:05 ubuntu-test3 nrpe[5811]: SSL Log Options: 0xff
Dec 21 12:49:05 ubuntu-test3 nrpe[5811]: SSL Version: TLSv1_2_plus And Above
Dec 21 12:49:05 ubuntu-test3 nrpe[5811]: Remote - SSL Version: TLSv1.2
Dec 21 12:49:05 ubuntu-test3 nrpe[5811]: Remote - TLSv1/SSLv3, Cipher is DHE-RSA-AES256-GCM-SHA384
Dec 21 12:49:05 ubuntu-test3 nrpe[5811]: SSL Client has a valid certificate
Dec 21 12:49:05 ubuntu-test3 nrpe[5811]: SSL Client Cert Name: /C=AU/ST=vienna/O=ciccio/OU=it/CN=192.168.10.215/emailAddress=aa@aa.aa
Dec 21 12:49:05 ubuntu-test3 nrpe[5811]: SSL Client Cert Issuer: /C=AU/ST=vienna/L=vienna/O=ciccio/OU=it/CN=192.168.10.215/emailAddress=aa@aa.aa
^C
Code: Select all
./check_nrpe -H 192.168.10.219 -C /usr/local/nagios/etc/ssl/client_certs/nag_serv.pem -K /usr/local/nagios/etc/ssl/client_certs/nag_serv.key -A /usr/local/nagios/etc/ssl/ca/ca_cert.pem -c check_mem
MEMORY OK : Mem used: 18.94%, Swap used: 0.00% |MemUsed=18.94%;100;100 SwapUsed=0.00%;25;50 MemCached=16.16% SwapCached=0.00% Active=17.80%
This is the hilarious part:
When sending
Code: Select all
root@nagios03:/usr/local/nagios/libexec# ./check_nrpe -H 192.168.10.219 -c check_mem
CHECK_NRPE: Error - Could not complete SSL handshake with 192.168.10.219: 1
Code: Select all
Dec 21 13:05:44 ubuntu-test3 nrpe[6211]: SSL Certificate File: /usr/local/nagios/ssl/db_server.pem
Dec 21 13:05:44 ubuntu-test3 nrpe[6211]: SSL Private Key File: /usr/local/nagios/ssl/db_server.key
Dec 21 13:05:44 ubuntu-test3 nrpe[6211]: SSL CA Certificate File: /usr/local/nagios/ssl/ca_cert.pem
Dec 21 13:05:44 ubuntu-test3 nrpe[6211]: SSL Cipher List: ALL:!MD5:@STRENGTH
Dec 21 13:05:44 ubuntu-test3 nrpe[6211]: SSL Allow ADH: Allow
Dec 21 13:05:44 ubuntu-test3 nrpe[6211]: SSL Client Certs: Require
Dec 21 13:05:44 ubuntu-test3 nrpe[6211]: SSL Log Options: 0xff
Dec 21 13:05:44 ubuntu-test3 nrpe[6211]: SSL Version: TLSv1_2_plus And Above
Dec 21 13:05:44 ubuntu-test3 nrpe[6211]: Error: Could not complete SSL handshake with : peer did not return a certificate
So I tried to edit the nrpe command to:
Code: Select all
define command{
command_name check_nrpe_certs
command_line $USER1$/check_nrpe -H $HOSTADDRESS$ -C /usr/local/nagios/etc/ssl/client_certs/nag_serv.pem -K /usr/local/nagios/etc/ssl/client_certs/nag_serv.key -A /usr/local/nagios/etc/ssl/ca/ca_cert.pem -c $ARG1$ -t 15
}
Code: Select all
define service {
use generic-service
host_name ubuntu-test3
service_description Check Memory Cert
check_command check_nrpe_certs!check_mem_cert
}
Code: Select all
command[check_mem_cert]=/usr/local/nagios/libexec/check_linux_stats.pl -M -w 100,25 -c 100,50
Code: Select all
Status Information: Error: could not use certificate file '/usr/local/nagios/etc/ssl/client_certs/nag_serv.pem'.
Sending the command from the server works (as shown before), doesn't work when I write it down as configuration. What do I miss??
Re: I can't understand how nrpe 2.16 should be installed
Can you check the permissions of the /usr/local/nagios/etc/ssl/client_certs/, and /usr/local/nagios/etc/ssl/ca/ directories and let us know what they are?
Code: Select all
ls -l /usr/local/nagios/etc/ssl/client_certs/
ls -l /usr/local/nagios/etc/ssl/ca/
Former Nagios Employee
Re: I can't understand how nrpe 2.16 should be installed
Check the paths and make sure everything is spelled the same. I had trouble for a while because the path in my nrpe.cfg had a bad directory, and I had a dash instead of an underscore in the file name. And as rkennedy mentioned, check the permissions on the directories and files.
Maybe do a ls -ld /usr/local/nagios/etc/ssl and a ls -Rl /usr/local/nagios/etc/ssl on both machines, and post the whole SSL/TLS OPTIONS section of the nrpe.cfg
I'm pretty sure your problem is either a typo, or permissions.
EDIT: also, I just pushed an update to https://github.com/NagiosEnterprises/nr ... e-2-16-RC2 which adds a little more info to log messages.
And if you're still having problems, be sure to post the log entries from both machines.
Maybe do a ls -ld /usr/local/nagios/etc/ssl and a ls -Rl /usr/local/nagios/etc/ssl on both machines, and post the whole SSL/TLS OPTIONS section of the nrpe.cfg
I'm pretty sure your problem is either a typo, or permissions.
EDIT: also, I just pushed an update to https://github.com/NagiosEnterprises/nr ... e-2-16-RC2 which adds a little more info to log messages.
And if you're still having problems, be sure to post the log entries from both machines.
Re: I can't understand how nrpe 2.16 should be installed
2 replies!
Server:
Probably I said this before but I run both nagios and nrpe with a different user which is not nagios (and usrnag is just a test now), hacker's everywhere..
Client:
While executing these commands to create the certs, it set up the permission to *every* db_server.pem as -r--r----- (exactly the same as nag_serv.pem, but this one remain in nagios server. I had to move db_server.pem to another machine and I used for simplicity sftp. Root user is ssh disabled so another user had to copy it. I set the permission as o+r manually).
Server Nrpe:
Client Nrpe:
Client:
Client:
I see permissions are ok and I also double, triple, checked the path and typo, but all matches.. I'm leaving it here and not going to change anything for today, will be waiting your feedback! Thank you again!!
Server:
Code: Select all
root@nagios03:/home# ls -l /usr/local/nagios/etc/ssl
total 16
drwxr-x--- 2 root usrnag 4096 Dec 21 10:42 ca
drwxr-x--- 2 root usrnag 4096 Dec 21 10:49 client_certs
drwx------ 3 root usrnag 4096 Dec 21 10:49 demoCA
drwxr-x--- 2 root usrnag 4096 Dec 21 10:44 server_certs
root@nagios03:/home# ls -l /usr/local/nagios/etc/ssl/client_certs/
total 12
-rw-r--r-- 1 root usrnag 1037 Dec 21 10:49 nag_serv.csr
-rw-r--r-- 1 root usrnag 1704 Dec 21 10:49 nag_serv.key
-r--r----- 1 root usrnag 1757 Dec 21 10:49 nag_serv.pem
root@nagios03:/home# ls -l /usr/local/nagios/etc/ssl/ca/
total 8
-rw-r--r-- 1 root usrnag 2078 Dec 21 10:42 ca_cert.pem
-rw-r--r-- 1 root usrnag 3394 Dec 21 10:42 ca_key.pem
root@nagios03:/home#
Client:
Code: Select all
root@ubuntu-test3:/home# ls -l /usr/local/nagios/etc/ssl/
total 12
-rw-r--r-- 1 root usrnag 2078 Dec 21 11:10 ca_cert.pem
-rw-r--r-- 1 root usrnag 1704 Dec 21 11:10 db_server.key
-rw-r--r-- 1 root usrnag 1757 Dec 21 11:10 db_server.pem
Server Nrpe:
Code: Select all
log_facility=daemon
pid_file=/var/run/nrpe.pid
server_port=5666
nrpe_user=usrnag
nrpe_group=usrnaggrp
dont_blame_nrpe=0
allow_bash_command_substitution=0
debug=0
command_timeout=60
connection_timeout=300
ssl_version=TLSv1.2+
ssl_use_adh=1
ssl_cipher_list=ALL:!MD5:@STRENGTH
ssl_cacert_file=/usr/local/nagios/etc/ssl/ca/ca_cert.pem
ssl_cert_file=/usr/local/nagios/etc/ssl/client_certs/nag_serv.pem
ssl_privatekey_file=/usr/local/nagios/etc/ssl/client_certs/nag_serv.key
ssl_client_certs=2
ssl_logging=0xff
Code: Select all
log_facility=daemon
pid_file=/var/run/nrpe.pid
server_port=5666
nrpe_user=usrnag
nrpe_group=usrnaggrp
dont_blame_nrpe=0
allow_bash_command_substitution=0
debug=0
command_timeout=60
connection_timeout=300
ssl_version=TLSv1.2+
ssl_use_adh=1
ssl_cipher_list=ALL:!MD5:@STRENGTH
ssl_cacert_file=/usr/local/nagios/etc/ssl/ca_cert.pem
ssl_cert_file=/usr/local/nagios/etc/ssl/db_server.pem
ssl_privatekey_file=/usr/local/nagios/etc/ssl/db_server.key
ssl_client_certs=2
ssl_logging=0xff
command[check_mem_cert]=/usr/local/nagios/libexec/check_linux_stats.pl -M -w 100,25 -c 100,50
command[check_users]=/usr/local/nagios/libexec/check_users -w 5 -c 10
command[check_host_alive]=/usr/local/nagios/libexec/check_ping -H 94.136.19.6 -w 3000.0,80% -c 5000.0,100% -p 5
command[check_ssh]=/usr/local/nagios/libexec/check_ssh 127.0.0.1
command[check_disk]=/usr/local/nagios/libexec/check_linux_stats.pl -D -w 10 -c 5 -p /,/home,/var -u %
command[check_load]=/usr/local/nagios/libexec/check_linux_stats.pl -L -w 10,8,5 -c 20,18,15
command[check_mem]=/usr/local/nagios/libexec/check_linux_stats.pl -M -w 100,25 -c 100,50
command[check_cpu]=/usr/local/nagios/libexec/check_linux_stats.pl -C -w 99 -c 100 -s 5
command[check_uptime]=/usr/local/nagios/libexec/check_linux_stats.pl -U -w 5
Server:ls -ld /usr/local/nagios/etc/ssl
Code: Select all
root@nagios02:/home# ls -ld /usr/local/nagios/etc/ssl
drwxr-x--- 6 root nagusr 4096 Dec 21 10:43 /usr/local/nagios/etc/ssl
Code: Select all
root@ubuntu-test3:/home# ls -ld /usr/local/nagios/etc/ssl
drwxr-xr-x 2 root root 4096 Dec 18 15:58 /usr/local/nagios/etc/ssl
Server:ls -Rl /usr/local/nagios/etc/ssl
Code: Select all
root@nagios02:/home# ls -Rl /usr/local/nagios/etc/ssl
/usr/local/nagios/etc/ssl:
total 16
drwxr-x--- 2 root usrnag 4096 Dec 21 10:42 ca
drwxr-x--- 2 root usrnag 4096 Dec 21 10:49 client_certs
drwx------ 3 root usrnag 4096 Dec 21 10:49 demoCA
drwxr-x--- 2 root usrnag 4096 Dec 21 10:44 server_certs
/usr/local/nagios/etc/ssl/ca:
total 8
-rw-r--r-- 1 root usrnag 2078 Dec 21 10:42 ca_cert.pem
-rw-r--r-- 1 root usrnag 3394 Dec 21 10:42 ca_key.pem
/usr/local/nagios/etc/ssl/client_certs:
total 12
-rw-r--r-- 1 root usrnag 1037 Dec 21 10:49 nag_serv.csr
-rw-r--r-- 1 root usrnag 1704 Dec 21 10:49 nag_serv.key
-r--r----- 1 root usrnag 1757 Dec 21 10:49 nag_serv.pem
/usr/local/nagios/etc/ssl/demoCA:
total 28
-rw-r--r-- 1 root usrnag 198 Dec 21 10:49 index.txt
-rw-r--r-- 1 root usrnag 21 Dec 21 10:49 index.txt.attr
-rw-r--r-- 1 root usrnag 21 Dec 21 10:44 index.txt.attr.old
-rw-r--r-- 1 root usrnag 99 Dec 21 10:44 index.txt.old
drwx------ 2 root usrnag 4096 Dec 21 10:49 newcerts
-rw-r--r-- 1 root usrnag 3 Dec 21 10:49 serial
-rw-r--r-- 1 root usrnag 3 Dec 21 10:44 serial.old
/usr/local/nagios/etc/ssl/demoCA/newcerts:
total 8
-rw-r--r-- 1 root usrnag 1757 Dec 21 10:44 01.pem
-rw-r--r-- 1 root usrnag 1757 Dec 21 10:49 02.pem
/usr/local/nagios/etc/ssl/server_certs:
total 12
-rw-r--r-- 1 root usrnag 1037 Dec 21 10:43 db_server.csr
-rw-r--r-- 1 root usrnag 1704 Dec 21 10:43 db_server.key
-r--r----- 1 root usrnag 1757 Dec 21 10:44 db_server.pem
Code: Select all
root@ubuntu-test3:/home# ls -Rl /usr/local/nagios/etc/ssl
/usr/local/nagios/etc/ssl:
total 12
-r--r--r-- 1 root root 2078 Dec 18 15:58 ca_cert.pem
-r--r--r-- 1 root root 1708 Dec 18 15:58 db_server.key
-r--r--r-- 1 root root 1757 Dec 18 15:58 db_server.pem
Re: I can't understand how nrpe 2.16 should be installed
Code: Select all
./check_nrpe -H 192.168.10.219 -C /usr/local/nagios/etc/ssl/client_certs/nag_serv.pem -K /usr/local/nagios/etc/ssl/client_certs/nag_serv.key -A /usr/local/nagios/etc/ssl/ca/ca_cert.pem -c check_mem
Former Nagios Employee
Re: I can't understand how nrpe 2.16 should be installed
In addition to what rkennedy said, you could also change permissions. Set the ssl directory and all directories under it to 777, and change all files to 666.
Re: I can't understand how nrpe 2.16 should be installed
I forgot to write you, I ran this command as my nagios user too and:
I'm going to change permissions as you suggest and will be editing in a while. I actually like to set permissions to 666, if you know what I mean \m/
EDIT:
YOU guys are the best
I only have one more question:
How come if I edit nrpe.cfg with the path of certificates, the command ./check_nrpe -H ip -c command does not work resulting in an ssl handshake error, and when I send the command with certificates option included, it does?
Ok, two more questions:
I know that this is silly but I need to report everything to colleagues.. I can't see crypted packets from wireshark. How can I check and really show to them that the connection is ciphered? Because just sayin "it use certificate trust me it is" does not help me. I need to show that it really is. And wireshark is not helping me because all I see is TCP. Ok that a few "plain text" packages there will always be, but I do not see any tls/ssl
Code: Select all
nagusr@nagios03:/usr/local/nagios/libexec$ ./check_nrpe -H 192.168.10.219 -C /usr/local/nagios/etc/ssl/client_certs/nag_serv.pem -K /usr/local/nagios/etc/ssl/client_certs/nag_serv.key -A /usr/local/nagios/etc/ssl/ca/ca_cert.pem -c check_mem
MEMORY OK : Mem used: 21.99%, Swap used: 0.00% |MemUsed=21.99%;100;100 SwapUsed=0.00%;25;50 MemCached=24.94% SwapCached=0.00% Active=19.08%
EDIT:
YOU guys are the best
I only have one more question:
How come if I edit nrpe.cfg with the path of certificates, the command ./check_nrpe -H ip -c command does not work resulting in an ssl handshake error, and when I send the command with certificates option included, it does?
Ok, two more questions:
I know that this is silly but I need to report everything to colleagues.. I can't see crypted packets from wireshark. How can I check and really show to them that the connection is ciphered? Because just sayin "it use certificate trust me it is" does not help me. I need to show that it really is. And wireshark is not helping me because all I see is TCP. Ok that a few "plain text" packages there will always be, but I do not see any tls/ssl
- Attachments
-
- check Nrpe 2.16 certificate
- good.PNG (3.54 KiB) Viewed 4055 times
Re: I can't understand how nrpe 2.16 should be installed
check_nrpe does not read the nrpe.cfg. It only uses command-line arguments. That might explain some of your problems if you were expecting check_nrpe to use what is in the config file.nihvel wrote:I only have one more question:
How come if I edit nrpe.cfg with the path of certificates, the command ./check_nrpe -H ip -c command does not work resulting in an ssl handshake error, and when I send the command with certificates option included, it does?
Two things you can tell them. First, all NRPE communication between the client and the server is plain text. If you run a check_load command, the output will be something likenihvel wrote:Ok, two more questions:
I know that this is silly but I need to report everything to colleagues. I can't see crypted packets from wireshark. How can I check and really show to them that the connection is ciphered? Because just sayin "it use certificate trust me it is" does not help me. I need to show that it really is. And wireshark is not helping me because all I see is TCP. Ok that a few "plain text" packages there will always be, but I do not see any tls/ssl
Code: Select all
OK - load average: 0.09, 0.16, 0.14|load1=0.090;0.750;1.500;0; load5=0.160;0.500;1.250;0; load15=0.140;0.250;1.000;0;
Second, if you have ssl_logging=0x2f turned on in the nrpe.cfg file and -s 0x2f on the check_nrpe command line, syslog will tell you. For example, below is the log entries from a check I ran. Notice in particular the line Remote - TLSv1/SSLv3, Cipher is DHE-RSA-AES256-GCM-SHA384. That says it's communicating using TLSv1/SSLv3 and the connection is encrypted with the cipher DHE-RSA-AES256-GCM-SHA384. The RSA part indicates it's public-key encryption. AES256 means it's using 256-bit AES encryption. SHA384 means it's using a 384-bit SHA hash. The details of both the client and server certificates is also shown.
Code: Select all
2015-12-23T09:08:37-0600 linux-jtgl check_nrpe[14070]: SSL Certificate File: /usr/local/nagios/etc/ssl/client_certs/nag_serv.pem
2015-12-23T09:08:37-0600 linux-jtgl check_nrpe[14070]: SSL Private Key File: /usr/local/nagios/etc/ssl/client_certs/nag_serv.key
2015-12-23T09:08:37-0600 linux-jtgl check_nrpe[14070]: SSL CA Certificate File: /usr/local/nagios/etc/ssl/ca/ca_cert.pem
2015-12-23T09:08:37-0600 linux-jtgl check_nrpe[14070]: SSL Cipher List: ALL:!MD5:@STRENGTH
2015-12-23T09:08:37-0600 linux-jtgl check_nrpe[14070]: SSL Allow ADH: Allow
2015-12-23T09:08:37-0600 linux-jtgl check_nrpe[14070]: SSL Log Options: 0xff
2015-12-23T09:08:37-0600 linux-jtgl check_nrpe[14070]: SSL Version: TLSv1_plus And Above
2015-12-23T09:08:37-0600 linux-jtgl check_nrpe[14070]: Connected to 127.0.0.1
2015-12-23T09:08:37-0600 linux-jtgl nrpe[14071]: SSL Certificate File: /usr/local/nagios/etc/ssl/server_certs/db_server.pem
2015-12-23T09:08:37-0600 linux-jtgl nrpe[14071]: SSL Private Key File: /usr/local/nagios/etc/ssl/server_certs/db_server.key
2015-12-23T09:08:37-0600 linux-jtgl nrpe[14071]: SSL CA Certificate File: /usr/local/nagios/etc/ssl/ca/ca_cert.pem
2015-12-23T09:08:37-0600 linux-jtgl nrpe[14071]: SSL Cipher List: ALL:!MD5:@STRENGTH
2015-12-23T09:08:37-0600 linux-jtgl nrpe[14071]: SSL Allow ADH: Allow
2015-12-23T09:08:37-0600 linux-jtgl nrpe[14071]: SSL Client Certs: Require
2015-12-23T09:08:37-0600 linux-jtgl nrpe[14071]: SSL Log Options: 0x2f
2015-12-23T09:08:37-0600 linux-jtgl nrpe[14071]: SSL Version: TLSv1 And Above
2015-12-23T09:08:37-0600 linux-jtgl nrpe[14071]: Remote - SSL Version: TLSv1.2
2015-12-23T09:08:37-0600 linux-jtgl nrpe[14071]: Remote - TLSv1/SSLv3, Cipher is DHE-RSA-AES256-GCM-SHA384
2015-12-23T09:08:37-0600 linux-jtgl nrpe[14071]: SSL Client Cert Name: /C=US/ST=Minnesota/O=Internet Widgits Pty Ltd/OU=IT/CN=nag_serv/emailAddress=jfrickson@nagios.com
2015-12-23T09:08:37-0600 linux-jtgl nrpe[14071]: SSL Client Cert Issuer: /C=US/ST=Minnesota/L=St. Paul/O=Internet Widgits Pty Ltd/OU=IWP Certificate Authority/CN=IPW Nagios CA/emailAddress=jfrickson@nagios.com
2015-12-23T09:08:37-0600 linux-jtgl check_nrpe[14070]: Remote 127.0.0.1 - SSL Version: TLSv1.2
2015-12-23T09:08:37-0600 linux-jtgl check_nrpe[14070]: Remote 127.0.0.1 - TLSv1/SSLv3, Cipher is DHE-RSA-AES256-GCM-SHA384
2015-12-23T09:08:37-0600 linux-jtgl check_nrpe[14070]: SSL 127.0.0.1 has a valid certificate
2015-12-23T09:08:37-0600 linux-jtgl check_nrpe[14070]: SSL 127.0.0.1 Cert Name: /C=US/ST=Minnesota/O=Internet Widgits Pty Ltd/OU=IT/CN=db_server/emailAddress=jfrickson@nagios.com
2015-12-23T09:08:37-0600 linux-jtgl check_nrpe[14070]: SSL 127.0.0.1 Cert Issuer: /C=US/ST=Minnesota/L=St. Paul/O=Internet Widgits Pty Ltd/OU=IWP Certificate Authority/CN=IPW Nagios CA/emailAddress=jfrickson@nagios.com
2015-12-23T09:08:37-0600 linux-jtgl check_nrpe[14070]: Remote 127.0.0.1 accepted a Version 3 Packet