Hello all,
Most online guides simply disable SSL, enable insecure mode; that is not the desired behavior anymore.
I am looking for a guide on how to implement NRPE with certificate authentication / encryption.
Any idea where can I find some guidelines for implementing such behavior ?
Thank you
NRPE & Certificates
-
jdalrymple
- Skynet Drone
- Posts: 2620
- Joined: Wed Feb 11, 2015 1:56 pm
Re: NRPE & Certificates
This isn't true, ore these guides are just wrong. It sounds like you're referencing nsclient++ and the NRPE server module specifically, this works perfectly fine with SSL enabled, it just isn't a strong implementation, hence "insecure=1". There is absolutely no need in disabling SSL though.amprantino wrote:Most online guides simply disable SSL
To answer your question - guidelines to fix the weak SSL implementation would read something like:
"Fix this bug: http://tracker.nagios.org/view.php?id=90"
or
"Use NCPA or nscp"
-
amprantino
- Posts: 140
- Joined: Thu Apr 18, 2013 8:25 am
- Location: libexec
Re: NRPE & Certificates
Yes, I am referring to NRPE module for nagios server (check_nrpe 2.15) and NSClient++ 0.4.3.143 for windows.
I don't want to disable SSL; I want to increase security by using certifications for authentication & encryption.
Unfortunately the link inside the tracker nagios is not working ( http://nsclient.org/nscp/blog/Blog-2012-12-18 )
Are there any guides on how to correctly implement the certificates?
I don't want to disable SSL; I want to increase security by using certifications for authentication & encryption.
Unfortunately the link inside the tracker nagios is not working ( http://nsclient.org/nscp/blog/Blog-2012-12-18 )
Are there any guides on how to correctly implement the certificates?
-
jdalrymple
- Skynet Drone
- Posts: 2620
- Joined: Wed Feb 11, 2015 1:56 pm
Re: NRPE & Certificates
The configuration of certificates in nsclient is very straightforward if you understand how SSL certificates *work*. Nonetheless Michael's blog post on the topic was great and I cannot reproduce the efforts he put into it easily. Use the wayback machine to find it:
https://web.archive.org/web/20130120204 ... ntication/
Depending on how protected (encryption vs. authentication vs peer authentication) you wish to become, you may need to setup your own enterprise certificate signing authority or pay for 3rd party certs. Be conscious that setting this up right from day 1 is key since if you don't know what you're doing you'll pay for it down the road.
https://web.archive.org/web/20130120204 ... ntication/
Depending on how protected (encryption vs. authentication vs peer authentication) you wish to become, you may need to setup your own enterprise certificate signing authority or pay for 3rd party certs. Be conscious that setting this up right from day 1 is key since if you don't know what you're doing you'll pay for it down the road.
-
amprantino
- Posts: 140
- Joined: Thu Apr 18, 2013 8:25 am
- Location: libexec
Re: NRPE & Certificates
A CA is already in place.
Thank you for the URL. It is the missing documentation I was looking for.
Thank you
Thank you for the URL. It is the missing documentation I was looking for.
Thank you