Cannot run check_nrpe from Linux to Windows server with SSL

Support forum for Nagios Core, Nagios Plugins, NCPA, NRPE, NSCA, NDOUtils and more. Engage with the community of users including those using the open source solutions.
Locked
rubentro
Posts: 3
Joined: Fri Sep 30, 2016 3:43 am

Cannot run check_nrpe from Linux to Windows server with SSL

Post by rubentro »

I'm following this guide: https://www.medin.name/blog/2012/12/02/ ... ntication/

I'm running nsclient++ on windows server, and installed our Active Directory CA certificate + certificates signed for the windows server in the security/ directory.
If I run nscp test on the windows server itself with following command, it's successful.

Code: Select all

nscp nrpe --host 127.0.0.1 --ca security\ca.pem --verify peer-cert --allowed-ciphers ALL:!ADH:!LOW:!EXP:!MD5:@STRENGTH --certificate security\server.pem --certificate-key security\server_key.pem
I (0.5.0.62 2016-09-14) seem to be doing fine...
However, if I run it from my nagis host, I always get on Windows server side "sslv3 alert handshake failure: 1040".
From my command line on the linux host:

Code: Select all

./check_nrpe -H x.x.x.x -A ../etc/ssl/ca.pem -C ../etc/ssl/client.pem -K ../etc/ssl/client_key.pem
CHECK_NRPE: Error - Could not complete SSL handshake with x.x.x.x: 1
The client.pem is signed by the same Active Directory CA
rkennedy
Posts: 6579
Joined: Mon Oct 05, 2015 11:45 am

Re: Cannot run check_nrpe from Linux to Windows server with

Post by rkennedy »

Did you configure the certificate in your NSClient++ configuration file?

To add to this, what does the nsclient.log file show as the problem, on the client side? This should help us see what the problem is.
Former Nagios Employee
rubentro
Posts: 3
Joined: Fri Sep 30, 2016 3:43 am

Re: Cannot run check_nrpe from Linux to Windows server with

Post by rubentro »

Yes, I did configure them in the config file:

Code: Select all

[/settings/NRPE/server]
insecure = 0
use ssl = 1
verify mode = peer-cert
allowed ciphers = ALL:!ADH:!LOW:!EXP:!MD5:@STRENGTH
certificate key = security/server_key.pem
certificate = security/server.pem
ca = security/ca.pem
I wanted to run the command again to be able to give you the exact error, but now suddenly it works... I don't get it... I'm not one to reach out for help usually, but I couldn't get past this issue. Anyway, I'm not complaining!

Thanks for the help anyway!
User avatar
lgroschen
Posts: 384
Joined: Wed Nov 27, 2013 1:17 pm

Re: Cannot run check_nrpe from Linux to Windows server with

Post by lgroschen »

Glad it was resolved, it's magic! Can we get the go ahead to close this post?
/Luke
rubentro
Posts: 3
Joined: Fri Sep 30, 2016 3:43 am

Re: Cannot run check_nrpe from Linux to Windows server with

Post by rubentro »

Yes you can!

Closed, thanks!
Locked