I can't understand how nrpe 2.16 should be installed

Support forum for Nagios Core, Nagios Plugins, NCPA, NRPE, NSCA, NDOUtils and more. Engage with the community of users including those using the open source solutions.
rkennedy
Posts: 6579
Joined: Mon Oct 05, 2015 11:45 am

Re: I can't understand how nrpe 2.16 should be installed

Post by rkennedy »

nihvel wrote:

Code: Select all

Dec 18 11:59:32 ubuntu-test3 nrpe[4841]: Error: Could not complete SSL handshake with : peer did not return a certificate
Jumping in a little late, but it looks like there isn't a hostname specified. What was the command you ran to generate this log / response?
Former Nagios Employee
nihvel
Posts: 24
Joined: Fri Dec 11, 2015 9:10 am

Re: I can't understand how nrpe 2.16 should be installed

Post by nihvel »

rkennedy wrote:
nihvel wrote:

Code: Select all

Dec 18 11:59:32 ubuntu-test3 nrpe[4841]: Error: Could not complete SSL handshake with : peer did not return a certificate
Jumping in a little late, but it looks like there isn't a hostname specified. What was the command you ran to generate this log / response?
That piece of log is part of the client's log (instead of copy/paste all the rows like I did in the previous posts I just copied the error itself).
Both: after this query from the server ./check_nrpe -H 192.168.10.219 And scheduled hosts check (or from nagios's website when you force recheck of sensor too) = common nrpe checks -- I get this error.
But before the error was different because the certificates were not matching. Thanks to your sample instead I guess I'm closer than before to resolution of the problem, but still I don't know why this error appear.

During the creation of the certificate, I set the server's common name as the ip of the server: 192.168.10.215 and client's common name as 192.168.10.219

If i run: hostname - the machines will reply; nagios02 /server AND ubuntu-test3 /client (yes that one in the error).
Hosts file is not modified and I'm not using internal dns :/

Don't worry if you're late replying! I noticed we're in different time zones and anyway you're already helping me a lot to checks whats wrong (:

EDIT: I wanted to be sure that I've done everything correct and I setup a new server, nagios03. I still get " Error: Could not complete SSL handshake with : peer did not return a certificate" from client's log.
nihvel
Posts: 24
Joined: Fri Dec 11, 2015 9:10 am

Re: I can't understand how nrpe 2.16 should be installed

Post by nihvel »

Ok this is hilarious.

I was wondering what would happen if I send the ./check_nrpe command with all the options for the certificate as well. Something like:

Code: Select all

./check_nrpe -H 192.168.10.219 -C /usr/local/nagios/etc/ssl/client_certs/nag_serv.pem -K /usr/local/nagios/etc/ssl/client_certs/nag_serv.key -A /usr/local/nagios/etc/ssl/ca/ca_cert.pem -c check_mem
Guess what?
Client log

Code: Select all

Dec 21 12:49:02 ubuntu-test3 xinetd[5805]: xinetd Version 2.3.15 started with libwrap loadavg options compiled in.
Dec 21 12:49:02 ubuntu-test3 xinetd[5805]: Started working: 1 available service
Dec 21 12:49:05 ubuntu-test3 nrpe[5811]: SSL Certificate File: /usr/local/nagios/ssl/db_server.pem
Dec 21 12:49:05 ubuntu-test3 nrpe[5811]: SSL Private Key File: /usr/local/nagios/ssl/db_server.key
Dec 21 12:49:05 ubuntu-test3 nrpe[5811]: SSL CA Certificate File: /usr/local/nagios/ssl/ca_cert.pem
Dec 21 12:49:05 ubuntu-test3 nrpe[5811]: SSL Cipher List: ALL:!MD5:@STRENGTH
Dec 21 12:49:05 ubuntu-test3 nrpe[5811]: SSL Allow ADH: Allow
Dec 21 12:49:05 ubuntu-test3 nrpe[5811]: SSL Client Certs: Require
Dec 21 12:49:05 ubuntu-test3 nrpe[5811]: SSL Log Options: 0xff
Dec 21 12:49:05 ubuntu-test3 nrpe[5811]: SSL Version: TLSv1_2_plus And Above
Dec 21 12:49:05 ubuntu-test3 nrpe[5811]: Remote  - SSL Version: TLSv1.2
Dec 21 12:49:05 ubuntu-test3 nrpe[5811]: Remote  - TLSv1/SSLv3, Cipher is DHE-RSA-AES256-GCM-SHA384
Dec 21 12:49:05 ubuntu-test3 nrpe[5811]: SSL Client  has a valid certificate
Dec 21 12:49:05 ubuntu-test3 nrpe[5811]: SSL Client  Cert Name: /C=AU/ST=vienna/O=ciccio/OU=it/CN=192.168.10.215/emailAddress=aa@aa.aa
Dec 21 12:49:05 ubuntu-test3 nrpe[5811]: SSL Client  Cert Issuer: /C=AU/ST=vienna/L=vienna/O=ciccio/OU=it/CN=192.168.10.215/emailAddress=aa@aa.aa
^C
And, of course, the result is:

Code: Select all

 ./check_nrpe -H 192.168.10.219 -C /usr/local/nagios/etc/ssl/client_certs/nag_serv.pem -K /usr/local/nagios/etc/ssl/client_certs/nag_serv.key -A /usr/local/nagios/etc/ssl/ca/ca_cert.pem -c check_mem
MEMORY OK : Mem used: 18.94%, Swap used: 0.00% |MemUsed=18.94%;100;100 SwapUsed=0.00%;25;50 MemCached=16.16% SwapCached=0.00% Active=17.80%
######################

This is the hilarious part:
When sending

Code: Select all

root@nagios03:/usr/local/nagios/libexec# ./check_nrpe -H 192.168.10.219 -c check_mem
CHECK_NRPE: Error - Could not complete SSL handshake with 192.168.10.219: 1
The client log is back to:

Code: Select all

Dec 21 13:05:44 ubuntu-test3 nrpe[6211]: SSL Certificate File: /usr/local/nagios/ssl/db_server.pem
Dec 21 13:05:44 ubuntu-test3 nrpe[6211]: SSL Private Key File: /usr/local/nagios/ssl/db_server.key
Dec 21 13:05:44 ubuntu-test3 nrpe[6211]: SSL CA Certificate File: /usr/local/nagios/ssl/ca_cert.pem
Dec 21 13:05:44 ubuntu-test3 nrpe[6211]: SSL Cipher List: ALL:!MD5:@STRENGTH
Dec 21 13:05:44 ubuntu-test3 nrpe[6211]: SSL Allow ADH: Allow
Dec 21 13:05:44 ubuntu-test3 nrpe[6211]: SSL Client Certs: Require
Dec 21 13:05:44 ubuntu-test3 nrpe[6211]: SSL Log Options: 0xff
Dec 21 13:05:44 ubuntu-test3 nrpe[6211]: SSL Version: TLSv1_2_plus And Above
Dec 21 13:05:44 ubuntu-test3 nrpe[6211]: Error: Could not complete SSL handshake with : peer did not return a certificate
I mean.. why? Why me?

So I tried to edit the nrpe command to:

Code: Select all

define command{
        command_name check_nrpe_certs
        command_line $USER1$/check_nrpe -H $HOSTADDRESS$ -C /usr/local/nagios/etc/ssl/client_certs/nag_serv.pem -K /usr/local/nagios/etc/ssl/client_certs/nag_serv.key -A /usr/local/nagios/etc/ssl/ca/ca_cert.pem -c $ARG1$ -t 15
}
And from one of my hosts configuration:

Code: Select all

define service {
        use                              generic-service
        host_name                   ubuntu-test3
        service_description      Check Memory Cert
        check_command           check_nrpe_certs!check_mem_cert
}
The client's got

Code: Select all

command[check_mem_cert]=/usr/local/nagios/libexec/check_linux_stats.pl -M -w 100,25 -c 100,50
From the nagios web interface the error is:

Code: Select all

Status Information:	Error: could not use certificate file '/usr/local/nagios/etc/ssl/client_certs/nag_serv.pem'.
Of course it can not use, that is the path of the server certificate.
Sending the command from the server works (as shown before), doesn't work when I write it down as configuration. What do I miss?? :o :o :o
rkennedy
Posts: 6579
Joined: Mon Oct 05, 2015 11:45 am

Re: I can't understand how nrpe 2.16 should be installed

Post by rkennedy »

Can you check the permissions of the /usr/local/nagios/etc/ssl/client_certs/, and /usr/local/nagios/etc/ssl/ca/ directories and let us know what they are?

Code: Select all

ls -l /usr/local/nagios/etc/ssl/client_certs/
ls -l /usr/local/nagios/etc/ssl/ca/
Former Nagios Employee
jfrickson

Re: I can't understand how nrpe 2.16 should be installed

Post by jfrickson »

Check the paths and make sure everything is spelled the same. I had trouble for a while because the path in my nrpe.cfg had a bad directory, and I had a dash instead of an underscore in the file name. And as rkennedy mentioned, check the permissions on the directories and files.

Maybe do a ls -ld /usr/local/nagios/etc/ssl and a ls -Rl /usr/local/nagios/etc/ssl on both machines, and post the whole SSL/TLS OPTIONS section of the nrpe.cfg

I'm pretty sure your problem is either a typo, or permissions.

EDIT: also, I just pushed an update to https://github.com/NagiosEnterprises/nr ... e-2-16-RC2 which adds a little more info to log messages.
And if you're still having problems, be sure to post the log entries from both machines.
nihvel
Posts: 24
Joined: Fri Dec 11, 2015 9:10 am

Re: I can't understand how nrpe 2.16 should be installed

Post by nihvel »

2 replies!

Server:

Code: Select all

root@nagios03:/home# ls -l /usr/local/nagios/etc/ssl
total 16
drwxr-x--- 2 root usrnag 4096 Dec 21 10:42 ca
drwxr-x--- 2 root usrnag 4096 Dec 21 10:49 client_certs
drwx------ 3 root usrnag 4096 Dec 21 10:49 demoCA
drwxr-x--- 2 root usrnag 4096 Dec 21 10:44 server_certs
root@nagios03:/home# ls -l /usr/local/nagios/etc/ssl/client_certs/
total 12
-rw-r--r-- 1 root usrnag 1037 Dec 21 10:49 nag_serv.csr
-rw-r--r-- 1 root usrnag 1704 Dec 21 10:49 nag_serv.key
-r--r----- 1 root usrnag 1757 Dec 21 10:49 nag_serv.pem
root@nagios03:/home# ls -l /usr/local/nagios/etc/ssl/ca/
total 8
-rw-r--r-- 1 root usrnag 2078 Dec 21 10:42 ca_cert.pem
-rw-r--r-- 1 root usrnag 3394 Dec 21 10:42 ca_key.pem
root@nagios03:/home#
Probably I said this before but I run both nagios and nrpe with a different user which is not nagios (and usrnag is just a test now), hacker's everywhere..

Client:

Code: Select all

root@ubuntu-test3:/home# ls -l /usr/local/nagios/etc/ssl/
total 12
-rw-r--r-- 1 root usrnag 2078 Dec 21 11:10 ca_cert.pem
-rw-r--r-- 1 root usrnag 1704 Dec 21 11:10 db_server.key
-rw-r--r-- 1 root usrnag 1757 Dec 21 11:10 db_server.pem
While executing these commands to create the certs, it set up the permission to *every* db_server.pem as -r--r----- (exactly the same as nag_serv.pem, but this one remain in nagios server. I had to move db_server.pem to another machine and I used for simplicity sftp. Root user is ssh disabled so another user had to copy it. I set the permission as o+r manually).


Server Nrpe:

Code: Select all

log_facility=daemon
pid_file=/var/run/nrpe.pid
server_port=5666
nrpe_user=usrnag
nrpe_group=usrnaggrp
dont_blame_nrpe=0
allow_bash_command_substitution=0
debug=0
command_timeout=60
connection_timeout=300

ssl_version=TLSv1.2+
ssl_use_adh=1
ssl_cipher_list=ALL:!MD5:@STRENGTH
ssl_cacert_file=/usr/local/nagios/etc/ssl/ca/ca_cert.pem
ssl_cert_file=/usr/local/nagios/etc/ssl/client_certs/nag_serv.pem
ssl_privatekey_file=/usr/local/nagios/etc/ssl/client_certs/nag_serv.key
ssl_client_certs=2
ssl_logging=0xff
Client Nrpe:

Code: Select all

log_facility=daemon
pid_file=/var/run/nrpe.pid
server_port=5666
nrpe_user=usrnag
nrpe_group=usrnaggrp
dont_blame_nrpe=0
allow_bash_command_substitution=0
debug=0
command_timeout=60
connection_timeout=300

ssl_version=TLSv1.2+
ssl_use_adh=1
ssl_cipher_list=ALL:!MD5:@STRENGTH
ssl_cacert_file=/usr/local/nagios/etc/ssl/ca_cert.pem
ssl_cert_file=/usr/local/nagios/etc/ssl/db_server.pem
ssl_privatekey_file=/usr/local/nagios/etc/ssl/db_server.key
ssl_client_certs=2
ssl_logging=0xff

command[check_mem_cert]=/usr/local/nagios/libexec/check_linux_stats.pl -M -w 100,25 -c 100,50

command[check_users]=/usr/local/nagios/libexec/check_users -w 5 -c 10
command[check_host_alive]=/usr/local/nagios/libexec/check_ping -H 94.136.19.6 -w 3000.0,80% -c 5000.0,100% -p 5
command[check_ssh]=/usr/local/nagios/libexec/check_ssh 127.0.0.1
command[check_disk]=/usr/local/nagios/libexec/check_linux_stats.pl -D -w 10 -c 5 -p /,/home,/var -u %
command[check_load]=/usr/local/nagios/libexec/check_linux_stats.pl -L -w 10,8,5 -c 20,18,15
command[check_mem]=/usr/local/nagios/libexec/check_linux_stats.pl -M -w 100,25 -c 100,50
command[check_cpu]=/usr/local/nagios/libexec/check_linux_stats.pl -C -w 99 -c 100 -s 5
command[check_uptime]=/usr/local/nagios/libexec/check_linux_stats.pl -U -w 5
ls -ld /usr/local/nagios/etc/ssl
Server:

Code: Select all

root@nagios02:/home# ls -ld /usr/local/nagios/etc/ssl
drwxr-x--- 6 root nagusr 4096 Dec 21 10:43 /usr/local/nagios/etc/ssl
Client:

Code: Select all

root@ubuntu-test3:/home# ls -ld /usr/local/nagios/etc/ssl
drwxr-xr-x 2 root root 4096 Dec 18 15:58 /usr/local/nagios/etc/ssl
ls -Rl /usr/local/nagios/etc/ssl
Server:

Code: Select all

root@nagios02:/home# ls -Rl /usr/local/nagios/etc/ssl
/usr/local/nagios/etc/ssl:
total 16
drwxr-x--- 2 root usrnag 4096 Dec 21 10:42 ca
drwxr-x--- 2 root usrnag 4096 Dec 21 10:49 client_certs
drwx------ 3 root usrnag 4096 Dec 21 10:49 demoCA
drwxr-x--- 2 root usrnag 4096 Dec 21 10:44 server_certs

/usr/local/nagios/etc/ssl/ca:
total 8
-rw-r--r-- 1 root usrnag 2078 Dec 21 10:42 ca_cert.pem
-rw-r--r-- 1 root usrnag 3394 Dec 21 10:42 ca_key.pem

/usr/local/nagios/etc/ssl/client_certs:
total 12
-rw-r--r-- 1 root usrnag 1037 Dec 21 10:49 nag_serv.csr
-rw-r--r-- 1 root usrnag 1704 Dec 21 10:49 nag_serv.key
-r--r----- 1 root usrnag 1757 Dec 21 10:49 nag_serv.pem

/usr/local/nagios/etc/ssl/demoCA:
total 28
-rw-r--r-- 1 root usrnag  198 Dec 21 10:49 index.txt
-rw-r--r-- 1 root usrnag   21 Dec 21 10:49 index.txt.attr
-rw-r--r-- 1 root usrnag   21 Dec 21 10:44 index.txt.attr.old
-rw-r--r-- 1 root usrnag   99 Dec 21 10:44 index.txt.old
drwx------ 2 root usrnag 4096 Dec 21 10:49 newcerts
-rw-r--r-- 1 root usrnag    3 Dec 21 10:49 serial
-rw-r--r-- 1 root usrnag    3 Dec 21 10:44 serial.old

/usr/local/nagios/etc/ssl/demoCA/newcerts:
total 8
-rw-r--r-- 1 root usrnag 1757 Dec 21 10:44 01.pem
-rw-r--r-- 1 root usrnag 1757 Dec 21 10:49 02.pem

/usr/local/nagios/etc/ssl/server_certs:
total 12
-rw-r--r-- 1 root usrnag 1037 Dec 21 10:43 db_server.csr
-rw-r--r-- 1 root usrnag 1704 Dec 21 10:43 db_server.key
-r--r----- 1 root usrnag 1757 Dec 21 10:44 db_server.pem
Client:

Code: Select all

root@ubuntu-test3:/home# ls -Rl /usr/local/nagios/etc/ssl
/usr/local/nagios/etc/ssl:
total 12
-r--r--r-- 1 root root 2078 Dec 18 15:58 ca_cert.pem
-r--r--r-- 1 root root 1708 Dec 18 15:58 db_server.key
-r--r--r-- 1 root root 1757 Dec 18 15:58 db_server.pem
I see permissions are ok and I also double, triple, checked the path and typo, but all matches.. I'm leaving it here and not going to change anything for today, will be waiting your feedback! Thank you again!! 8-) 8-) 8-)
rkennedy
Posts: 6579
Joined: Mon Oct 05, 2015 11:45 am

Re: I can't understand how nrpe 2.16 should be installed

Post by rkennedy »

Code: Select all

./check_nrpe -H 192.168.10.219 -C /usr/local/nagios/etc/ssl/client_certs/nag_serv.pem -K /usr/local/nagios/etc/ssl/client_certs/nag_serv.key -A /usr/local/nagios/etc/ssl/ca/ca_cert.pem -c check_mem
I presume when you ran this command, it was as root. Can you try running su nagios (or your user comparable account) and run the command? I really think this comes down to permissions, especially after seeing your latest post.
Former Nagios Employee
jfrickson

Re: I can't understand how nrpe 2.16 should be installed

Post by jfrickson »

In addition to what rkennedy said, you could also change permissions. Set the ssl directory and all directories under it to 777, and change all files to 666.
nihvel
Posts: 24
Joined: Fri Dec 11, 2015 9:10 am

Re: I can't understand how nrpe 2.16 should be installed

Post by nihvel »

I forgot to write you, I ran this command as my nagios user too and:

Code: Select all

nagusr@nagios03:/usr/local/nagios/libexec$ ./check_nrpe -H 192.168.10.219 -C /usr/local/nagios/etc/ssl/client_certs/nag_serv.pem -K /usr/local/nagios/etc/ssl/client_certs/nag_serv.key -A /usr/local/nagios/etc/ssl/ca/ca_cert.pem -c check_mem
MEMORY OK : Mem used: 21.99%, Swap used: 0.00% |MemUsed=21.99%;100;100 SwapUsed=0.00%;25;50 MemCached=24.94% SwapCached=0.00% Active=19.08%
I'm going to change permissions as you suggest and will be editing in a while. I actually like to set permissions to 666, if you know what I mean \m/

EDIT:
YOU guys are the best 8-) 8-) 8-) 8-)

I only have one more question:
How come if I edit nrpe.cfg with the path of certificates, the command ./check_nrpe -H ip -c command does not work resulting in an ssl handshake error, and when I send the command with certificates option included, it does?

Ok, two more questions:
I know that this is silly but I need to report everything to colleagues.. I can't see crypted packets from wireshark. How can I check and really show to them that the connection is ciphered? Because just sayin "it use certificate trust me it is" does not help me. I need to show that it really is. And wireshark is not helping me because all I see is TCP. Ok that a few "plain text" packages there will always be, but I do not see any tls/ssl
Attachments
check Nrpe 2.16 certificate
check Nrpe 2.16 certificate
good.PNG (3.54 KiB) Viewed 4020 times
jfrickson

Re: I can't understand how nrpe 2.16 should be installed

Post by jfrickson »

nihvel wrote:I only have one more question:
How come if I edit nrpe.cfg with the path of certificates, the command ./check_nrpe -H ip -c command does not work resulting in an ssl handshake error, and when I send the command with certificates option included, it does?
check_nrpe does not read the nrpe.cfg. It only uses command-line arguments. That might explain some of your problems if you were expecting check_nrpe to use what is in the config file.
nihvel wrote:Ok, two more questions:
I know that this is silly but I need to report everything to colleagues. I can't see crypted packets from wireshark. How can I check and really show to them that the connection is ciphered? Because just sayin "it use certificate trust me it is" does not help me. I need to show that it really is. And wireshark is not helping me because all I see is TCP. Ok that a few "plain text" packages there will always be, but I do not see any tls/ssl
Two things you can tell them. First, all NRPE communication between the client and the server is plain text. If you run a check_load command, the output will be something like

Code: Select all

OK - load average: 0.09, 0.16, 0.14|load1=0.090;0.750;1.500;0; load5=0.160;0.500;1.250;0; load15=0.140;0.250;1.000;0;
If you don't see any packets with that kind of text, then it's encrypted.

Second, if you have ssl_logging=0x2f turned on in the nrpe.cfg file and -s 0x2f on the check_nrpe command line, syslog will tell you. For example, below is the log entries from a check I ran. Notice in particular the line Remote - TLSv1/SSLv3, Cipher is DHE-RSA-AES256-GCM-SHA384. That says it's communicating using TLSv1/SSLv3 and the connection is encrypted with the cipher DHE-RSA-AES256-GCM-SHA384. The RSA part indicates it's public-key encryption. AES256 means it's using 256-bit AES encryption. SHA384 means it's using a 384-bit SHA hash. The details of both the client and server certificates is also shown.

Code: Select all

2015-12-23T09:08:37-0600 linux-jtgl check_nrpe[14070]: SSL Certificate File: /usr/local/nagios/etc/ssl/client_certs/nag_serv.pem
2015-12-23T09:08:37-0600 linux-jtgl check_nrpe[14070]: SSL Private Key File: /usr/local/nagios/etc/ssl/client_certs/nag_serv.key
2015-12-23T09:08:37-0600 linux-jtgl check_nrpe[14070]: SSL CA Certificate File: /usr/local/nagios/etc/ssl/ca/ca_cert.pem
2015-12-23T09:08:37-0600 linux-jtgl check_nrpe[14070]: SSL Cipher List: ALL:!MD5:@STRENGTH
2015-12-23T09:08:37-0600 linux-jtgl check_nrpe[14070]: SSL Allow ADH: Allow
2015-12-23T09:08:37-0600 linux-jtgl check_nrpe[14070]: SSL Log Options: 0xff
2015-12-23T09:08:37-0600 linux-jtgl check_nrpe[14070]: SSL Version: TLSv1_plus And Above
2015-12-23T09:08:37-0600 linux-jtgl check_nrpe[14070]: Connected to 127.0.0.1
2015-12-23T09:08:37-0600 linux-jtgl nrpe[14071]: SSL Certificate File: /usr/local/nagios/etc/ssl/server_certs/db_server.pem
2015-12-23T09:08:37-0600 linux-jtgl nrpe[14071]: SSL Private Key File: /usr/local/nagios/etc/ssl/server_certs/db_server.key
2015-12-23T09:08:37-0600 linux-jtgl nrpe[14071]: SSL CA Certificate File: /usr/local/nagios/etc/ssl/ca/ca_cert.pem
2015-12-23T09:08:37-0600 linux-jtgl nrpe[14071]: SSL Cipher List: ALL:!MD5:@STRENGTH
2015-12-23T09:08:37-0600 linux-jtgl nrpe[14071]: SSL Allow ADH: Allow
2015-12-23T09:08:37-0600 linux-jtgl nrpe[14071]: SSL Client Certs: Require
2015-12-23T09:08:37-0600 linux-jtgl nrpe[14071]: SSL Log Options: 0x2f
2015-12-23T09:08:37-0600 linux-jtgl nrpe[14071]: SSL Version: TLSv1 And Above
2015-12-23T09:08:37-0600 linux-jtgl nrpe[14071]: Remote  - SSL Version: TLSv1.2
2015-12-23T09:08:37-0600 linux-jtgl nrpe[14071]: Remote  - TLSv1/SSLv3, Cipher is DHE-RSA-AES256-GCM-SHA384
2015-12-23T09:08:37-0600 linux-jtgl nrpe[14071]: SSL Client  Cert Name: /C=US/ST=Minnesota/O=Internet Widgits Pty Ltd/OU=IT/CN=nag_serv/emailAddress=jfrickson@nagios.com
2015-12-23T09:08:37-0600 linux-jtgl nrpe[14071]: SSL Client  Cert Issuer: /C=US/ST=Minnesota/L=St. Paul/O=Internet Widgits Pty Ltd/OU=IWP Certificate Authority/CN=IPW Nagios CA/emailAddress=jfrickson@nagios.com
2015-12-23T09:08:37-0600 linux-jtgl check_nrpe[14070]: Remote 127.0.0.1 - SSL Version: TLSv1.2
2015-12-23T09:08:37-0600 linux-jtgl check_nrpe[14070]: Remote 127.0.0.1 - TLSv1/SSLv3, Cipher is DHE-RSA-AES256-GCM-SHA384
2015-12-23T09:08:37-0600 linux-jtgl check_nrpe[14070]: SSL 127.0.0.1 has a valid certificate
2015-12-23T09:08:37-0600 linux-jtgl check_nrpe[14070]: SSL 127.0.0.1 Cert Name: /C=US/ST=Minnesota/O=Internet Widgits Pty Ltd/OU=IT/CN=db_server/emailAddress=jfrickson@nagios.com
2015-12-23T09:08:37-0600 linux-jtgl check_nrpe[14070]: SSL 127.0.0.1 Cert Issuer: /C=US/ST=Minnesota/L=St. Paul/O=Internet Widgits Pty Ltd/OU=IWP Certificate Authority/CN=IPW Nagios CA/emailAddress=jfrickson@nagios.com
2015-12-23T09:08:37-0600 linux-jtgl check_nrpe[14070]: Remote 127.0.0.1 accepted a Version 3 Packet
That should satisfy them.
Locked