THIS KNOWLEDGE BASE HAS BEEN ARCHIVED AND IS NO LONGER BEING UPDATED
Please visit library.nagios.com/docs for the latest and most up-to-date documentation.
All Categories
Home » Categories » Multiple Categories

OpenSSL causes issue with check_nrpe plugin with NSClient++
Article Number: 901 | Rating: 1/5 from 2 votes | Last Updated by rspielman on Sat, Oct 21, 2023 at 10:45 AM

The Problem

The new openssl package on the latest versions of Centos / RHEL/ Ubuntu / Debian cause compatibility issues that cause the check_nrpe plugin to fail when checking Windows Hosts running NSClient++.

Error Displayed

CHECK_NRPE: (ssl_err != 5) Error - Could not complete SSL handshake with xxx.xxx.xxx.xxx: 1

Error in the nsclient.log file

Failed to establish secure connection: sslv3 alert handshake failure: 1040

Solution

To fix this, do the following:

1. Generate DH key on the new Nagios server. (It will take a long time to generate so be patient)

For OpenSSL >= 3.0

openssl dhparam 2048 2> /dev/null|sed -n '/BEGIN/,/END/p'

For OpenSSL < 3.0

openssl dhparam -C 2048 2> /dev/null|sed -n '/BEGIN/,/END/p'

The below is an example of the output:

-----BEGIN DH PARAMETERS-----
MIIBCAKCAQEAsT8ZYluOSVjB67zI8HXRzAjVRsBGLktGbUm7Zfhtn5dYTMaEjSRx
+7McBGnmoJa9ty54UE/5/8rM1CFvA5VyEOakZHemTNvAofB40ZmEhgANVmbHZxtr
egvj4svxnvFM4gAfpsSe2C8DVbXXEJlUVfyacbfb4f9ko0l62XsTEQJGWGRxXca7
b66g5MY6eYxihavufmZmZPw4ZnBPEpoGpH2GKZ0obOEfACTrV01p+CbiVDJ9lpc7
KOxbXA+3nV5LRMSjlz83RuDdQ3QLcQQQ7cpWKEzAlHO/AO4BRqthmSBkTVWNeHoO
a4PNgZO2xdnLHJuK75YQJeLAOKI9xVgaCwIBAg==
-----END DH PARAMETERS-----

2. Paste the DH key to a new file "nrpe_dh_2048.pem" on the Windows server in the following location:

C:\Program Files\NSClient++\security\nrpe_dh_2048.pem

3. Open a command prompt in Windows (under user with admin privileges) and run these commands:

cd "\Program Files\NSClient++"
nscp settings --path /settings/NRPE/server --key dh --set "${certificate-path}/nrpe_dh_2048.pem"

Or add the below under the [/settings/NRPE/server] section in the C:\Program Files\NSClient++\nsclient.ini file:

; DH KEY -
dh = ${certificate-path}/nrpe_dh_2048.pem

4. Restart NSClient++ service

net stop nscp && net start nscp

Test it:

/usr/local/nagios/libexec/check_nrpe -H xxx.xxx.xxx.xxx -2

I (0.5.0.62 2016-09-14) seem to be doing fine...

Special Offer For Knowledgebase Visitors! Get a huge discount on Nagios Log Server by clicking below.

Get 60% Off Nagios Log Server!

Did you know? Nagios provides complete monitoring of: Windows, Linux, UNIX, Servers, Websites, SNMP, DHCP, DNS, Email, Storage, Files, Apache, IIS, EC2, and more!
Posted by: on Fri, Apr 30, 2021 at 9:31 AM. This article has been viewed 12660 times.
Filed Under: Common Problems, Troubleshooting
1 (2)
Article Rating (2 Votes)
Rate this article
  • Icon PDFExport to PDF
  • Icon MS-WordExport to MS Word
Attachments Attachments
There are no attachments for this article.
Related Articles RSS Feed
Nagios XI - mysql_error out of range value for column
Viewed 8277 times since Tue, Aug 14, 2018
Nagios XI - CentOS 6 Installation Problems XI 2011R1.7 2011R1.8
Viewed 5818 times since Tue, Feb 2, 2016
Enabling Oracle Linux Optional Repository
Viewed 20677 times since Mon, May 14, 2018
Backups are not being generated due to tar creation errors
Viewed 4759 times since Thu, Feb 27, 2020
Nagios XI - Missing localhost Alerts
Viewed 7537 times since Sun, Nov 5, 2017
Slack Notifications Stopped Working
Viewed 5689 times since Wed, Mar 18, 2020
VMWare checks timing out or slow
Viewed 4625 times since Fri, Feb 11, 2022
Nagios XI - Migrate Performance Data
Viewed 14466 times since Tue, Jan 26, 2016
Nagios XI - How To Test Check Commands From The Command-line
Viewed 53043 times since Tue, Jan 26, 2016
Nagios Core - Nagios did not exit in a timely manner
Viewed 10192 times since Wed, Jan 27, 2016
Subscribe to knowledge base
Get notified when new articles are added to the knowledge base.
Nagios