I can't couple check_nrpe*nrpe over SSL in debian 9.0, openssl 1.1.0e-2,
even in the same system (localhost):
/usr/lib/nagios/plugins/check_nrpe -H localhost -c check_load
CHECK_NRPE: Error - Could not complete SSL handshake with 127.0.0.1: 1
It is the same with NRPE 3.0.1-3 from the debian repository, or
NRPE 3.1.0 compiled.
Can't couple check_nrpe*nrpe over SSL in debian 9
-
- Posts: 1
- Joined: Thu May 25, 2017 3:07 am
-
- Former Nagios Staff
- Posts: 4583
- Joined: Wed Sep 21, 2016 10:29 am
- Location: NoLo, Minneapolis, MN
- Contact:
Re: Can't couple check_nrpe*nrpe over SSL in debian 9
If I understand your issue correctly, there are two solutions:
1. Configure daemon to run without SSL by defining the -n argument in the daemon service
Requires check_nrpe client to also use the -n argument
The check_nrpe client to will not be able to just use the -n argument alone, the daemon also requires it
2. Configure daemon to run using SSL/TLS certificates
the client and check_nrpe require certificates (need to clarify if only one end is required, not both)
NRPE client can use a certificate for encryption
The NRPE client can request the check_nrpe plugin provide a valid certificate
https://support.nagios.com/kb/article/n ... urity.html
Please see https://github.com/NagiosEnterprises/nrpe/issues/119
1. Configure daemon to run without SSL by defining the -n argument in the daemon service
Requires check_nrpe client to also use the -n argument
The check_nrpe client to will not be able to just use the -n argument alone, the daemon also requires it
2. Configure daemon to run using SSL/TLS certificates
the client and check_nrpe require certificates (need to clarify if only one end is required, not both)
NRPE client can use a certificate for encryption
The NRPE client can request the check_nrpe plugin provide a valid certificate
https://support.nagios.com/kb/article/n ... urity.html
Please see https://github.com/NagiosEnterprises/nrpe/issues/119