NRPE: NSCP with Unknown CA

Engage with the community of users including those using the open source solutions.
Includes Nagios Core, Plugins, and NCPA

NRPE: NSCP with Unknown CA

Postby kopi Lim » Sun Dec 08, 2019 4:29 am

Hi all,
I am doing a testing before implement monitoring to my company machines.

I am using a Linux Machine (installed Nagios Core) to monitor a Windows 10 Desktop with NSCP (Latest Version, 0.5.2.35) installed. All the installation is running well. Even the command
Code: Select all
./check_nrpe -A [CA] -C [CLientCert..pem] -K [clientKey] -H [IP] -c [checkmem]
it returns what I expected.
Code: Select all
OK: committed: Total: 12.06GB - Used: 9.611GB (79%)


But the things is when I check the log file from the NSCP (from Windows), I saw
Code: Select all
debug:c:\source\master\include\nrpe/server/protocol.hpp:92: Accepting connection from: [__IP__], count=1
error:c:\source\master\include\socket/connection.hpp:276: Failed to establish secure connection: tlsv1 alert unknown ca: 1048


So I feel curios and weird when I saw the log. Why is the unknown CA happened ?

PS: I follow the guide from https://support.nagios.com/kb/article.php?id=519
PS2: I created the CA and sign from my Linux Machine and copy the those cert and key to Windows

Below is my nsclient.ini file
Code: Select all
[/settings/NRPE/server]
port = 5666
extended response = 1
use ssl = 1
allow arguments = 1
allow nasty characters = 1
insecure = 0
veryify mode = peer-cert
ssl options = no-sslv2,no-sslv3
allowed ciphers = ALL:!ADH:!LOW:!EXP:!MD5:@STRENGHT
certificate = ${certificate-path}/client2_cert.pem
certificate key = ${certificate-path}/client2_cert.key
ca = ${certificate-path}/ca2_cert.pem
;DH key = security\nrpe_dh_512.pem
;certificate format = PEM
kopi Lim
 
Posts: 3
Joined: Mon Nov 25, 2019 8:32 pm

Re: NRPE: NSCP with Unknown CA

Postby Box293 » Tue Dec 10, 2019 7:56 pm

The "unknown ca" message occurs with self signed certificates. Here's detailed information on these sorts of messages:

https://support.nagios.com/kb/article/ssl-tls-understanding-certificate-warnings-598.html

If you are connecting OK with your commands then everything should be OK and you can ignore the error.
As of May 25th, 2018, all communications with Nagios Enterprises and its employees are covered under our new Privacy Policy.
User avatar
Box293
Too Basu
 
Posts: 5126
Joined: Sun Feb 07, 2010 10:55 pm
Location: Deniliquin, Australia


Return to Community Support

Who is online

Users browsing this forum: cdcsysadmin, fuitseng, Google [Bot] and 51 guests