Nagios Support Forum

From server with NCPA:
$ curl -v https://localhost:5693/ -k
* About to connect() to localhost port 5693 (#0)
* Trying 127.0.0.1... connected
* Connected to localhost (127.0.0.1) port 5693 (#0)
* successfully set certificate verify locations:
* CAfile: none
CApath: /etc/ssl/certs/
* TLSv1.0, TLS handshake, Client hello (1):
* Unknown SSL protocol error in connection to localhost:5693
* Closing connection #0
curl: (35) Unknown SSL protocol error in connection to localhost:5693

When I change the ncpa.cfg from ssl_version = TLSv1_1 to ssl_version = TLSv1 and restarted the NCPA_Listener. I still receive the same error.

Can we set these back to the defaults

Reset back to the default of TLSv1_2

$ cat /usr/local/ncpa/etc/ncpa.cfg | grep TLS
# operating systems it will default back to TLSv1)
# ssl_version options: TLSv1, TLSv1_1, TLSv1_2
ssl_version = TLSv1_2

$ curl -v https://localhost:5693/ -k
* About to connect() to localhost port 5693 (#0)
* Trying 127.0.0.1... connected
* Connected to localhost (127.0.0.1) port 5693 (#0)
* successfully set certificate verify locations:
* CAfile: none
CApath: /etc/ssl/certs/
* TLSv1.0, TLS handshake, Client hello (1):
* Unknown SSL protocol error in connection to localhost:5693
* Closing connection #0
curl: (35) Unknown SSL protocol error in connection to localhost:5693

Did you restart the listener after making the changes?

Could you send us your ncpa.cfg file? You can either post or PM it.
Can you try this?

Yes, the ncpa_listener was restarted.

$ curl --tlsv1.2 -k https://xxxxxxxx:5693
curl: (35) Unsupported SSL protocol version

$ curl --tlsv1 -k https://xxxxxxx:5693
curl: (35) Unknown SSL protocol error in connection to xxxxxxx:5693

$ curl -V
curl 7.19.7 (x86_64-suse-linux-gnu) libcurl/7.19.7 OpenSSL/0.9.8j zlib/1.2.7 libidn/1.10
Protocols: tftp ftp telnet dict ldap ldaps http file https ftps
Features: GSS-Negotiate IDN IPv6 Largefile NTLM SSL libz


PM sent with ncpa.cfg

Can you run the following from the Nagios XI server replacing mytoken with the token in the ncpa config, and xxxxxxxx with the IP of the suse machine

$ python /usr/local/nagios/libexec/check_ncpa.py -v -H XXXXXXX -t mytoken -M 'cpu/percent'
Connecting to: https://xxxxxxxx:5693/api/cpu/percent/? ... 79&check=1
An error occurred:<urlopen error [Errno 104] Connection reset by peer>

hbouma wrote:$ python /usr/local/nagios/libexec/check_ncpa.py -v -H XXXXXXX -t mytoken -M 'cpu/percent'
Connecting to: https://xxxxxxxx:5693/api/cpu/percent/? ... 79&check=1
An error occurred:<urlopen error [Errno 104] Connection reset by peer>

Are you sure you don't have a firewall on the suse machine blocking connections to port 5693?

Not that I can find.

$ rcSuSEfirewall2 status
Checking the status of SuSEfirewall2 unused

I did inherit these servers with some unusual configuration management settings. I have disabled the configuration management, so the agent install should have changed the settings as needed.

I am reaching back out to the team that did the original setup and will report back what we can find.

hbouma wrote:Not that I can find.

$ rcSuSEfirewall2 status
Checking the status of SuSEfirewall2 unused

I did inherit these servers with some unusual configuration management settings. I have disabled the configuration management, so the agent install should have changed the settings as needed.

I am reaching back out to the team that did the original setup and will report back what we can find.

thanks!