Home » Categories » Multiple Categories

OpenSSL causes issue with check_nrpe plugin with NSClient++

The Problem

The new openssl package on the latest versions of Centos / RHEL/ Ubuntu / Debian cause compatibility issues that cause the check_nrpe plugin to fail when checking Windows Hosts running NSClient++.

Error Displayed

CHECK_NRPE: (ssl_err != 5) Error - Could not complete SSL handshake with xxx.xxx.xxx.xxx: 1

Error in the nsclient.log file

Failed to establish secure connection: sslv3 alert handshake failure: 1040

Solution

To fix this, do the following:

1. Generate DH key on the new Nagios server. (It will take a long time to generate so be patient)

openssl dhparam -C 2048 2> /dev/null|sed -n '/BEGIN/,/END/p'

The below is an example of the output:

-----BEGIN DH PARAMETERS-----
MIIBCAKCAQEAsT8ZYluOSVjB67zI8HXRzAjVRsBGLktGbUm7Zfhtn5dYTMaEjSRx
+7McBGnmoJa9ty54UE/5/8rM1CFvA5VyEOakZHemTNvAofB40ZmEhgANVmbHZxtr
egvj4svxnvFM4gAfpsSe2C8DVbXXEJlUVfyacbfb4f9ko0l62XsTEQJGWGRxXca7
b66g5MY6eYxihavufmZmZPw4ZnBPEpoGpH2GKZ0obOEfACTrV01p+CbiVDJ9lpc7
KOxbXA+3nV5LRMSjlz83RuDdQ3QLcQQQ7cpWKEzAlHO/AO4BRqthmSBkTVWNeHoO
a4PNgZO2xdnLHJuK75YQJeLAOKI9xVgaCwIBAg==
-----END DH PARAMETERS-----

2. Paste the DH key to a new file "nrpe_dh_2048.pem" on the Windows server in the following location:

C:\Program Files\NSClient++\security\nrpe_dh_2048.pem

3. Open a command prompt in Windows (under user with admin privileges) and run these commands:

cd "\Program Files\NSClient++"
nscp settings --path /settings/NRPE/server --key dh --set "${certificate-path}/nrpe_dh_2048.pem"

Or add the below under the [/settings/NRPE/server] section in the C:\Program Files\NSClient++\nsclient.ini file:

; DH KEY -
dh = ${certificate-path}/nrpe_dh_2048.pem

4. Restart NSClient++ service

net stop nscp && net start nscp

Test it:

/usr/local/nagios/libexec/check_nrpe -H xxx.xxx.xxx.xxx -2

I (0.5.0.62 2016-09-14) seem to be doing fine...

0 (0)
Article Rating (No Votes)
Rate this article
  • Icon PDFExport to PDF
  • Icon MS-WordExport to MS Word
Attachments Attachments
There are no attachments for this article.
Related Articles RSS Feed
Nagios XI - Troubleshooting Reports
Viewed 3056 times since Wed, Dec 5, 2018
Nagios XI - Login Screen Keeps Redirecting To Itself
Viewed 3644 times since Wed, Jan 27, 2016
Nagios XI - Can’t Log Into The Web Interface
Viewed 29695 times since Tue, Jan 27, 2015
ERROR: Please add the ’Optional’ channel to your Red Hat systems subscriptions
Viewed 16125 times since Tue, Jan 26, 2016
Nagios XI - Uploaded plugin returns "/bin/bash^M: bad interpreter: No such file or directory"
Viewed 3562 times since Thu, Feb 25, 2016
SNMP traps are now showing UNKNOWN for the sender IP
Viewed 748 times since Tue, Jan 19, 2021
CCM says unapplied changes exist, but none listed
Viewed 2486 times since Mon, Feb 27, 2017
Nagios XI - Unable To Login Using Two Factor Authentication
Viewed 2825 times since Tue, Apr 10, 2018
Upgrading to NDO 3 after having been downgraded in newer versions of Nagios XI
Viewed 500 times since Fri, Jan 15, 2021
Nagios XI - How To Test Check Commands From The Command-line
Viewed 22360 times since Tue, Jan 26, 2016