Cannot run check_nrpe from Linux to Windows server with SSL

This forum is intended for the discussion of Nagios plugin development. Feature requests, patches, bug fixes, and all types of development-related discussions are welcome!

NOTE: The SourceForge.net nagiosplug-devel mailing list has been deprecated in favor of this forum in order to expedite support and provide additional features not available on the old mailing list.

Cannot run check_nrpe from Linux to Windows server with SSL

Postby rubentro » Fri Sep 30, 2016 3:49 am

I'm following this guide: https://www.medin.name/blog/2012/12/02/ ... ntication/

I'm running nsclient++ on windows server, and installed our Active Directory CA certificate + certificates signed for the windows server in the security/ directory.
If I run nscp test on the windows server itself with following command, it's successful.

Code: Select all
nscp nrpe --host 127.0.0.1 --ca security\ca.pem --verify peer-cert --allowed-ciphers ALL:!ADH:!LOW:!EXP:!MD5:@STRENGTH --certificate security\server.pem --certificate-key security\server_key.pem
I (0.5.0.62 2016-09-14) seem to be doing fine...


However, if I run it from my nagis host, I always get on Windows server side "sslv3 alert handshake failure: 1040".
From my command line on the linux host:

Code: Select all
./check_nrpe -H x.x.x.x -A ../etc/ssl/ca.pem -C ../etc/ssl/client.pem -K ../etc/ssl/client_key.pem
CHECK_NRPE: Error - Could not complete SSL handshake with x.x.x.x: 1


The client.pem is signed by the same Active Directory CA
rubentro
 
Posts: 3
Joined: Fri Sep 30, 2016 3:43 am

Re: Cannot run check_nrpe from Linux to Windows server with

Postby rkennedy » Fri Sep 30, 2016 12:15 pm

Did you configure the certificate in your NSClient++ configuration file?

To add to this, what does the nsclient.log file show as the problem, on the client side? This should help us see what the problem is.
Be sure to check out our Knowledgebase for helpful articles and solutions!
User avatar
rkennedy
Support Tech
 
Posts: 5916
Joined: Mon Oct 05, 2015 11:45 am
Location: Nagios Enterprises

Re: Cannot run check_nrpe from Linux to Windows server with

Postby rubentro » Wed Oct 05, 2016 9:49 am

Yes, I did configure them in the config file:
Code: Select all
[/settings/NRPE/server]
insecure = 0
use ssl = 1
verify mode = peer-cert
allowed ciphers = ALL:!ADH:!LOW:!EXP:!MD5:@STRENGTH
certificate key = security/server_key.pem
certificate = security/server.pem
ca = security/ca.pem


I wanted to run the command again to be able to give you the exact error, but now suddenly it works... I don't get it... I'm not one to reach out for help usually, but I couldn't get past this issue. Anyway, I'm not complaining!

Thanks for the help anyway!
rubentro
 
Posts: 3
Joined: Fri Sep 30, 2016 3:43 am

Re: Cannot run check_nrpe from Linux to Windows server with

Postby lgroschen » Wed Oct 05, 2016 2:42 pm

Glad it was resolved, it's magic! Can we get the go ahead to close this post?
/Luke
Developer - Nagios Enterprises
email: lgroschen@nagios.com

Check out our Nagios Support Knowledgebase today for useful guides, troubleshooting steps, and FAQs.
User avatar
lgroschen
Developer
 
Posts: 384
Joined: Wed Nov 27, 2013 1:17 pm
Location: Nagios Enterprises

Re: Cannot run check_nrpe from Linux to Windows server with

Postby rubentro » Thu Oct 06, 2016 3:18 am

Yes you can!

Closed, thanks!
rubentro
 
Posts: 3
Joined: Fri Sep 30, 2016 3:43 am


Return to Nagios Plugin Development

Who is online

Users browsing this forum: No registered users and 2 guests