NRPE Issues?

Engage with the community of users including those using the open source solutions.
Includes Nagios Core, Plugins, and NCPA

NRPE Issues?

Postby xxedgexx » Thu Sep 09, 2021 12:37 am

Is this the correct forum for NRPE related issues? If not, please feel free to redirect me.

I'm having issues just with SSL configuration. Using existing certificates being used for SSL over httpd, I'm unable to make communication work and I'm not exactly sure how to debug given these certificates are working fine in their original role.

Client machine:
[root@mon plugins]# ./check_nrpe -H mx1.la1.blah.corp --key-file=/etc/pki/tls/private/mon.la1.clx.blah.key --client-cert=/etc/pki/tls/certs/mon.la1.blah.corp.cer --ca-cert-file=/etc/pki/tls/certs/BlahCA-chain.pem -c check_disk
CHECK_NRPE: Receive header underflow - only 0 bytes received (4 expected).

NRPE Server on destination host:
[1631165638] Connection from 192.168.30.76 port 54498
[1631165638] is_an_allowed_host (AF_INET): is host >192.168.30.76< an allowed host >192.168.30.76<
[1631165638] is_an_allowed_host (AF_INET): host is in allowed host list!
[1631165638] Host address is in allowed_hosts
[1631165638] SSL Client has an invalid certificate: /CN=mon.la1.blah.corp (issuer=/CN=BlahCA/O=Blah CA/C=Com) err=26:unsupported certificate purpose
[1631165638] Error: (ERR_get_error_line_data = 337100934), Could not complete SSL handshake with 192.168.30.76: certificate verify failed
[1631165638] Connection from 192.168.30.76 closed.
[1631165638] CONN_CHECK_PEER: checking if host is allowed: 192.168.30.76 port 55010
[1631165638] Connection from 192.168.30.76 port 55010
[1631165638] is_an_allowed_host (AF_INET): is host >192.168.30.76< an allowed host >192.168.30.76<
[1631165638] is_an_allowed_host (AF_INET): host is in allowed host list!
[1631165638] Host address is in allowed_hosts
[1631165638] SSL Client has an invalid certificate: /CN=mon.la1.blah.corp (issuer=/CN=BlahCA/O=Blah CA/C=Com) err=26:unsupported certificate purpose
[1631165638] Error: (ERR_get_error_line_data = 337100934), Could not complete SSL handshake with 192.168.30.76: certificate verify failed
[1631165638] Connection from 192.168.30.76 closed.

Any clues what could be going wrong here? I'm using nrpe: nrpe-4.0.3

Thanks
xxedgexx
 
Posts: 1
Joined: Thu Sep 09, 2021 12:30 am

Return to Community Support

Who is online

Users browsing this forum: Google [Bot], kikko, Support_Talea and 19 guests