[Solved] Yet another Could not complete SSL handshake error

Posted: Wed May 21, 2014 12:36 pm
by jbruyet
Hey all, I just moved my Nagios monitoring from my FreeBSD server to my CentOS 6.5 server. I'm now in the clean-up phase and I've hit a snag -- I'm unable to get monitoring to work on my Linux servers.

The error:

Code:

CHECK_NRPE: Error - Could not complete SSL handshake. 
Both the server and client now have the same version of nrpe (I just installed the new nrpe on the client but still no joy):

Client:

Code:

NRPE - Nagios Remote Plugin Executor
Copyright (c) 1999-2008 Ethan Galstad ([email protected])
Version: 2.15
Last Modified: 09-06-2013
License: GPL v2 with exemptions (-l for more info)
SSL/TLS Available: Anonymous DH Mode, OpenSSL 0.9.6 or higher required
Server:

Code:

NRPE Plugin for Nagios
Copyright (c) 1999-2008 Ethan Galstad ([email protected])
Version: 2.15
Last Modified: 09-06-2013
License: GPL v2 with exemptions (-l for more info)
SSL/TLS Available: Anonymous DH Mode, OpenSSL 0.9.6 or higher required
I even tried including the -n switch but that didn't help:

Code:

[root@FreeNag objects]#  /usr/local/nagios/libexec/check_nrpe -H 192.168.2.83 -n
CHECK_NRPE: Error receiving data from daemon.
[root@FreeNag objects]#  /usr/local/nagios/libexec/check_nrpe -H 192.168.2.83
CHECK_NRPE: Error - Could not complete SSL handshake.
The only possible issue I can find is that the SSL versions are a little off:

Code:

root@srvBackup:/usr/local/nagios/etc# openssl version
OpenSSL 0.9.8o 01 Jun 2010

[root@FreeNag objects]# openssl version
OpenSSL 1.0.1e-fips 11 Feb 2013
I tried upgrading srvBackup (through apt-get) but no upgrades are available, then I removed and reinstalled openssl but it's the same version. Should I try to remove openssl and try reinstalling from another source?

Thanks,

Joe B

Re: Yet another "Could not complete SSL handshake" error

Posted: Wed May 21, 2014 12:49 pm
by abrist
jbruyet wrote: The only possible issue I can find is that the SSL versions are a little off:
There was a hard break in ssl supported version, so this could very well be the case.
When you try to connect, the error should be logged in the nrpe daemon server's messages.

Code:

tail -20 /var/log/messages

Re: Yet another "Could not complete SSL handshake" error

Posted: Wed May 21, 2014 1:05 pm
by jbruyet
Hi abrist, I can't find anything nrpe-related:

Code:

[root@FreeNag objects]# grep nrpe /var/log/messages
[root@FreeNag objects]#
That's on the server and the client.

Thanks,

Joe B

Re: Yet another "Could not complete SSL handshake" error

Posted: Wed May 21, 2014 3:40 pm
by lmiltchev
Did you add nagios server's IP to the "allowed_hosts" line in the "nrpe.cfg" file on the client (or to the "only_from" line in the "/etc/xinetd.d/nrpe" if nrpe is running under xinetd)?
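
The check suggested in the post above, written out as an added example (not part of the original thread and not NRPE's own code): it reads the "allowed_hosts" line of an nrpe.cfg or the "only_from" line of an xinetd service file and reports whether the Nagios server's address is covered. The file contents, the address 192.168.2.10 and the function names are constructed for illustration, and it assumes entries are plain IPs or CIDR networks (hostnames are skipped, not resolved).

```python
import ipaddress
import re

# Constructed sample files. 192.168.2.10 is a stand-in for the
# Nagios server's IP, which the thread does not give.
NRPE_CFG = """\
# nrpe.cfg on the monitored client (constructed)
server_port=5666
allowed_hosts=127.0.0.1
"""
XINETD_NRPE = """\
service nrpe
{
    port      = 5666
    only_from = 127.0.0.1 192.168.2.0/24
}
"""

def acl_entries(text, directive):
    """Entries of the last uncommented `directive = ...` line (assumption: last wins)."""
    entries = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()   # drop comments
        m = re.match(r"%s\s*=\s*(.*)$" % re.escape(directive), line)
        if m:                                  # nrpe.cfg uses commas, xinetd uses spaces
            entries = [e for e in re.split(r"[,\s]+", m.group(1)) if e]
    return entries

def is_allowed(ip, entries):
    """True if ip equals an address entry or falls inside a CIDR entry."""
    addr = ipaddress.ip_address(ip)
    for entry in entries:
        try:
            if addr in ipaddress.ip_network(entry, strict=False):
                return True
        except ValueError:
            continue                           # hostname or other form: not evaluated
    return False

def diagnose(ip, text, directive):
    entries = acl_entries(text, directive)
    if is_allowed(ip, entries):
        return "%s is covered by %s" % (ip, directive)
    return ("%s is NOT covered by %s (%s): matches the thread's "
            "'Could not complete SSL handshake' symptom" % (ip, directive, ", ".join(entries)))

if __name__ == "__main__":
    print(diagnose("192.168.2.10", NRPE_CFG, "allowed_hosts"))
    print(diagnose("192.168.2.10", XINETD_NRPE, "only_from"))
```
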

Re: Yet another "Could not complete SSL handshake" error

Posted: Wed May 21, 2014 4:52 pm
by jbruyet
Thank you, lmiltchev, for that answer. All of my Linux servers are now all green except for one, and that one is slowly getting greener. What a rookie mistake -- I made the changes to my Windows servers but never even thought about my Linux servers. AND, with the SSL error message I would never have thought about looking for the answer in an allowed_hosts section of a config file.

Thanks again,

Joe B

Re: [Solved] Yet another Could not complete SSL handshake e

Posted: Wed May 21, 2014 4:55 pm
by tmcdonald
The good thing about mistakes is that you (hopefully) learn something from them!

Is it safe to close this up now?