Nagios Support Forum

Support for Nagios products and services
https://support.nagios.com/forum/

Cannot run check_nrpe from Linux to Windows server with SSL

https://support.nagios.com/forum/viewtopic.php?t=40448

Page 1 of 1

Cannot run check_nrpe from Linux to Windows server with SSL

Posted: Fri Sep 30, 2016 3:49 am
by rubentro
I'm following this guide: https://www.medin.name/blog/2012/12/02/ ... ntication/

I'm running nsclient++ on windows server, and installed our Active Directory CA certificate + certificates signed for the windows server in the security/ directory.
If I run nscp test on the windows server itself with following command, it's successful.

Code: Select all

nscp nrpe --host 127.0.0.1 --ca security\ca.pem --verify peer-cert --allowed-ciphers ALL:!ADH:!LOW:!EXP:!MD5:@STRENGTH --certificate security\server.pem --certificate-key security\server_key.pem
I (0.5.0.62 2016-09-14) seem to be doing fine...
However, if I run it from my nagis host, I always get on Windows server side "sslv3 alert handshake failure: 1040".
From my command line on the linux host:

Code: Select all

./check_nrpe -H x.x.x.x -A ../etc/ssl/ca.pem -C ../etc/ssl/client.pem -K ../etc/ssl/client_key.pem
CHECK_NRPE: Error - Could not complete SSL handshake with x.x.x.x: 1
The client.pem is signed by the same Active Directory CA

Re: Cannot run check_nrpe from Linux to Windows server with

Posted: Fri Sep 30, 2016 12:15 pm
by rkennedy
Did you configure the certificate in your NSClient++ configuration file?

To add to this, what does the nsclient.log file show as the problem, on the client side? This should help us see what the problem is.

Re: Cannot run check_nrpe from Linux to Windows server with

Posted: Wed Oct 05, 2016 9:49 am
by rubentro
Yes, I did configure them in the config file:

Code: Select all

[/settings/NRPE/server]
insecure = 0
use ssl = 1
verify mode = peer-cert
allowed ciphers = ALL:!ADH:!LOW:!EXP:!MD5:@STRENGTH
certificate key = security/server_key.pem
certificate = security/server.pem
ca = security/ca.pem
I wanted to run the command again to be able to give you the exact error, but now suddenly it works... I don't get it... I'm not one to reach out for help usually, but I couldn't get past this issue. Anyway, I'm not complaining!

Thanks for the help anyway!

Re: Cannot run check_nrpe from Linux to Windows server with

Posted: Wed Oct 05, 2016 2:42 pm
by lgroschen
Glad it was resolved, it's magic! Can we get the go ahead to close this post?

Re: Cannot run check_nrpe from Linux to Windows server with

Posted: Thu Oct 06, 2016 3:18 am
by rubentro
Yes you can!

Closed, thanks!
All times are UTC-05:00
Page 1 of 1

Powered by phpBB® Forum Software © phpBB Limited