Cannot run check_nrpe from Linux to Windows server with SSL

This forum is intended for the discussion of Nagios plugin development. Feature requests, patches, bug fixes, and all types of development-related discussions are welcome!

NOTE: The SourceForge.net nagiosplug-devel mailing list has been deprecated in favor of this forum in order to expedite support and provide additional features not available on the old mailing list.

Cannot run check_nrpe from Linux to Windows server with SSL

Postby rubentro » Fri Sep 30, 2016 3:49 am

I'm following this guide: https://www.medin.name/blog/2012/12/02/ ... ntication/

I'm running nsclient++ on windows server, and installed our Active Directory CA certificate + certificates signed for the windows server in the security/ directory.
If I run nscp test on the windows server itself with following command, it's successful.

Code: Select all
nscp nrpe --host 127.0.0.1 --ca security\ca.pem --verify peer-cert --allowed-ciphers ALL:!ADH:!LOW:!EXP:!MD5:@STRENGTH --certificate security\server.pem --certificate-key security\server_key.pem
I (0.5.0.62 2016-09-14) seem to be doing fine...


However, if I run it from my nagis host, I always get on Windows server side "sslv3 alert handshake failure: 1040".
From my command line on the linux host:

Code: Select all
./check_nrpe -H x.x.x.x -A ../etc/ssl/ca.pem -C ../etc/ssl/client.pem -K ../etc/ssl/client_key.pem
CHECK_NRPE: Error - Could not complete SSL handshake with x.x.x.x: 1


The client.pem is signed by the same Active Directory CA
rubentro
 
Posts: 3
Joined: Fri Sep 30, 2016 3:43 am

Re: Cannot run check_nrpe from Linux to Windows server with

Postby rkennedy » Fri Sep 30, 2016 12:15 pm

Did you configure the certificate in your NSClient++ configuration file?

To add to this, what does the nsclient.log file show as the problem, on the client side? This should help us see what the problem is.
rkennedy
 
Posts: 6562
Joined: Mon Oct 05, 2015 11:45 am

Re: Cannot run check_nrpe from Linux to Windows server with

Postby rubentro » Wed Oct 05, 2016 9:49 am

Yes, I did configure them in the config file:
Code: Select all
[/settings/NRPE/server]
insecure = 0
use ssl = 1
verify mode = peer-cert
allowed ciphers = ALL:!ADH:!LOW:!EXP:!MD5:@STRENGTH
certificate key = security/server_key.pem
certificate = security/server.pem
ca = security/ca.pem


I wanted to run the command again to be able to give you the exact error, but now suddenly it works... I don't get it... I'm not one to reach out for help usually, but I couldn't get past this issue. Anyway, I'm not complaining!

Thanks for the help anyway!
rubentro
 
Posts: 3
Joined: Fri Sep 30, 2016 3:43 am

Re: Cannot run check_nrpe from Linux to Windows server with

Postby lgroschen » Wed Oct 05, 2016 2:42 pm

Glad it was resolved, it's magic! Can we get the go ahead to close this post?
/Luke
User avatar
lgroschen
 
Posts: 384
Joined: Wed Nov 27, 2013 1:17 pm

Re: Cannot run check_nrpe from Linux to Windows server with

Postby rubentro » Thu Oct 06, 2016 3:18 am

Yes you can!

Closed, thanks!
rubentro
 
Posts: 3
Joined: Fri Sep 30, 2016 3:43 am


Return to Nagios Plugin Development

Who is online

Users browsing this forum: No registered users and 3 guests