NRPE: NSCP with Unknown CA

Post by kopi Lim »

Hi all,
I am doing some testing before implementing monitoring on my company machines.

I am using a Linux machine (with Nagios Core installed) to monitor a Windows 10 desktop with NSCP (latest version, 0.5.2.35) installed. The whole installation is running well. Even the command

./check_nrpe -A [CA] -C [CLientCert..pem] -K [clientKey] -H [IP] -c [checkmem]
it returns what I expected.

OK: committed: Total: 12.06GB - Used: 9.611GB (79%)
But the thing is, when I check the log file from NSCP (on Windows), I see

debug:c:\source\master\include\nrpe/server/protocol.hpp:92: Accepting connection from: [__IP__], count=1
error:c:\source\master\include\socket/connection.hpp:276: Failed to establish secure connection: tlsv1 alert unknown ca: 1048
So I felt curious and found it weird when I saw the log. Why did the unknown CA error happen?

PS: I follow the guide from https://support.nagios.com/kb/article.php?id=519
PS2: I created the CA and signed the certificate on my Linux machine and copied the cert and key to Windows

Below is my nsclient.ini file

[/settings/NRPE/server]
port = 5666
extended response = 1
use ssl = 1
allow arguments = 1
allow nasty characters = 1
insecure = 0
veryify mode = peer-cert
ssl options = no-sslv2,no-sslv3
allowed ciphers = ALL:!ADH:!LOW:!EXP:!MD5:@STRENGHT
certificate = ${certificate-path}/client2_cert.pem
certificate key = ${certificate-path}/client2_cert.key
ca = ${certificate-path}/ca2_cert.pem
;DH key = security\nrpe_dh_512.pem
;certificate format = PEM

Re: NRPE: NSCP with Unknown CA

Post by Box293 »

The "unknown ca" message occurs with self-signed certificates. Here's detailed information on these sorts of messages:

https://support.nagios.com/kb/article/s ... s-598.html

If you are connecting OK with your commands then everything should be OK and you can ignore the error.
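A triage helper for log excerpts like the one in the first post, added here as an example and not part of either post or of NSClient++. It assumes the trailing number is the OpenSSL reason code, where 1000 + N means TLS alert N was received from the remote peer; the names `triage` and `SAMPLE` and the sample lines are constructed.

```python
import re

# TLS alert descriptions (RFC 5246, section 7.2) that point at certificate trouble.
TLS_ALERTS = {
    40: "handshake_failure",
    42: "bad_certificate",
    43: "unsupported_certificate",
    44: "certificate_revoked",
    45: "certificate_expired",
    46: "certificate_unknown",
    48: "unknown_ca",
}
ALERT_OFFSET = 1000  # OpenSSL SSL_AD_REASON_OFFSET: reason = 1000 + alert number

ACCEPT_RE = re.compile(r"Accepting connection from: (\S+?),")
FAIL_RE = re.compile(r"Failed to establish secure connection: (.+): (\d+)\s*$")

def triage(lines):
    """Decode each TLS failure and pair it with the last accepted peer.

    Pairing by "most recent accept" is a heuristic (assumption): with
    concurrent connections the failure may belong to another peer.
    """
    findings, peer = [], None
    for line in lines:
        m = ACCEPT_RE.search(line)
        if m:
            peer = m.group(1)
            continue
        m = FAIL_RE.search(line)
        if not m:
            continue
        reason = int(m.group(2))
        from_peer = ALERT_OFFSET <= reason < ALERT_OFFSET + 256
        findings.append({
            "peer": peer,
            "text": m.group(1),
            "reason": reason,
            # True: the remote end sent this alert, so it rejected what we presented.
            "sent_by_peer": from_peer,
            "alert": TLS_ALERTS.get(reason - ALERT_OFFSET) if from_peer else None,
        })
    return findings

# Constructed sample in the format of the excerpt above (192.0.2.x is a documentation range).
SAMPLE = [
    r"debug:c:\source\master\include\nrpe/server/protocol.hpp:92: Accepting connection from: 192.0.2.10, count=1",
    r"error:c:\source\master\include\socket/connection.hpp:276: Failed to establish secure connection: tlsv1 alert unknown ca: 1048",
    r"debug:c:\source\master\include\nrpe/server/protocol.hpp:92: Accepting connection from: 192.0.2.11, count=1",
    r"error:c:\source\master\include\socket/connection.hpp:276: Failed to establish secure connection: sslv3 alert certificate expired: 1045",
]
```

For the line in this thread the result is alert 48 (`unknown_ca`) with `sent_by_peer` true, so the thing to check is whether the CA file the connecting client trusts is the one that signed the certificate NSClient++ presents.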