Problem Description
Your NRDS client cannot submit check results to your NRDP server.
When executing the following command to submit check results (your command will be slightly different):
/usr/local/nrdp/clients/nrds/nrds.pl -H 'centos01'
You receive the following error message:
ERROR: could not connect to NRDP server at https://xi-c6x-x64/nrdp/
curl exited with error 8960
When you try and curl the NRDP server address:
curl -k https://xi-c6x-x64/nrdp/
You receive the following error message:
curl: (35) SSL connect error
Resolution
The reason for the problem is that the NRDP server is using stronger encryption ciphers (in Apache).
The version of NSS needs updating on your NRDS client, NSS is a dependency of curl and hence why it is failing.
Execute the following command to determine what version of NSS is being used by curl:
curl -V
Which will output something like:
curl 7.19.7 (x86_64-redhat-linux-gnu) libcurl/7.19.7 NSS/3.14.0.0 zlib/1.2.3 libidn/1.18 libssh2/1.4.2
Protocols: tftp ftp telnet dict ldap ldaps http file https ftps scp sftp
Features: GSS-Negotiate IDN IPv6 Largefile NTLM SSL libz
It is our understanding that the correct version of NSS is available in RHEL/CentOS 6.8 onwards.
Execute the following commands to update NSS and curl:
yum update -y nss curl
Once updated verify the version of NSS is being used by curl has been updated:
curl -V
Which will output something like:
curl 7.19.7 (x86_64-redhat-linux-gnu) libcurl/7.19.7 NSS/3.21 Basic ECC zlib/1.2.3 libidn/1.18 libssh2/1.4.2
Protocols: tftp ftp telnet dict ldap ldaps http file https ftps scp sftp
Features: GSS-Negotiate IDN IPv6 Largefile NTLM SSL libz
This time the NRDS client will work:
Sent 7 checks to https://xi-c6x-x64/nrdp/
You can proceed with the remaining steps to install the NRDP client.
The NRPD client itself will not have an issue with the self-signed certificate.
The problem only occurs when downloading the installer tarball using the wget command.
If you do not have internet access to install NSS through YUM you will need manually download the RPM's,
transfer them to the NRDS client and then upgrade them.
The following steps reference specific package versions which will change when newer versions are released,
you will need to change the names of the files from the RHEL/CentOS repository.
Here are the commands to download the files:
wget http://mirror.centos.org/centos/6/os/x86_64/Packages/nss-3.21.0-8.el6.x86_64.rpm
wget http://mirror.centos.org/centos/6/os/x86_64/Packages/nss-sysinit-3.21.0-8.el6.x86_64.rpm
wget http://mirror.centos.org/centos/6/os/x86_64/Packages/nss-tools-3.21.0-8.el6.x86_64.rpm
wget http://mirror.centos.org/centos/6/os/x86_64/Packages/nss-util-3.21.0-2.el6.x86_64.rpm
wget http://mirror.centos.org/centos/6/os/x86_64/Packages/nss-softokn-3.14.3-23.el6_7.x86_64.rpm
wget http://mirror.centos.org/centos/6/os/x86_64/Packages/nss-softokn-freebl-3.14.3-23.el6_7.x86_64.rpm
wget http://mirror.centos.org/centos/6/os/x86_64/Packages/curl-7.19.7-52.el6.x86_64.rpm
wget http://mirror.centos.org/centos/6/os/x86_64/Packages/libcurl-7.19.7-52.el6.x86_64.rpm
wget http://mirror.centos.org/centos/6/os/x86_64/Packages/nspr-4.11.0-1.el6.x86_64.rpm
After transferring all the files to the NRDS client this command will upgrade all the packages:
rpm -U nss-sysinit-3.21.0-8.el6.x86_64.rpm nss-3.21.0-8.el6.x86_64.rpm nss-tools-3.21.0-8.el6.x86_64.rpm nss-util-3.21.0-2.el6.x86_64.rpm nss-softokn-3.14.3-23.el6_7.x86_64.rpm nss-softokn-freebl-3.14.3-23.el6_7.x86_64.rpm curl-7.19.7-52.el6.x86_64.rpm libcurl-7.19.7-52.el6.x86_64.rpm nspr-4.11.0-1.el6.x86_64.rpm
Final Thoughts
For any support related questions please visit the Nagios Support Forums at: