NRPE Issues?

Support forum for Nagios Core, Nagios Plugins, NCPA, NRPE, NSCA, NDOUtils and more. Engage with the community of users including those using the open source solutions.
Locked
xxedgexx
Posts: 1
Joined: Thu Sep 09, 2021 12:30 am

NRPE Issues?

Post by xxedgexx »

Is this the correct forum for NRPE related issues? If not, please feel free to redirect me.

I'm having issues just with SSL configuration. Using existing certificates being used for SSL over httpd, I'm unable to make communication work and I'm not exactly sure how to debug given these certificates are working fine in their original role.

Client machine:
[root@mon plugins]# ./check_nrpe -H mx1.la1.blah.corp --key-file=/etc/pki/tls/private/mon.la1.clx.blah.key --client-cert=/etc/pki/tls/certs/mon.la1.blah.corp.cer --ca-cert-file=/etc/pki/tls/certs/BlahCA-chain.pem -c check_disk
CHECK_NRPE: Receive header underflow - only 0 bytes received (4 expected).

NRPE Server on destination host:
[1631165638] Connection from 192.168.30.76 port 54498
[1631165638] is_an_allowed_host (AF_INET): is host >192.168.30.76< an allowed host >192.168.30.76<
[1631165638] is_an_allowed_host (AF_INET): host is in allowed host list!
[1631165638] Host address is in allowed_hosts
[1631165638] SSL Client has an invalid certificate: /CN=mon.la1.blah.corp (issuer=/CN=BlahCA/O=Blah CA/C=Com) err=26:unsupported certificate purpose
[1631165638] Error: (ERR_get_error_line_data = 337100934), Could not complete SSL handshake with 192.168.30.76: certificate verify failed
[1631165638] Connection from 192.168.30.76 closed.
[1631165638] CONN_CHECK_PEER: checking if host is allowed: 192.168.30.76 port 55010
[1631165638] Connection from 192.168.30.76 port 55010
[1631165638] is_an_allowed_host (AF_INET): is host >192.168.30.76< an allowed host >192.168.30.76<
[1631165638] is_an_allowed_host (AF_INET): host is in allowed host list!
[1631165638] Host address is in allowed_hosts
[1631165638] SSL Client has an invalid certificate: /CN=mon.la1.blah.corp (issuer=/CN=BlahCA/O=Blah CA/C=Com) err=26:unsupported certificate purpose
[1631165638] Error: (ERR_get_error_line_data = 337100934), Could not complete SSL handshake with 192.168.30.76: certificate verify failed
[1631165638] Connection from 192.168.30.76 closed.

Any clues what could be going wrong here? I'm using nrpe: nrpe-4.0.3

Thanks
Locked