THIS KNOWLEDGE BASE HAS BEEN ARCHIVED AND IS NO LONGER BEING UPDATED
Please visit library.nagios.com/docs for the latest and most up-to-date documentation.
All Categories
Recently Viewed
Nagios XI - STRICT_TRANS_TABLES
Home » Categories » Multiple Categories

OpenSSL causes issue with check_nrpe plugin with NSClient++
Article Number: 901 | Rating: 1/5 from 2 votes | Last Updated by rspielman on Sat, Oct 21, 2023 at 10:45 AM

The Problem

The new openssl package on the latest versions of Centos / RHEL/ Ubuntu / Debian cause compatibility issues that cause the check_nrpe plugin to fail when checking Windows Hosts running NSClient++.

Error Displayed

CHECK_NRPE: (ssl_err != 5) Error - Could not complete SSL handshake with xxx.xxx.xxx.xxx: 1

Error in the nsclient.log file

Failed to establish secure connection: sslv3 alert handshake failure: 1040

Solution

To fix this, do the following:

1. Generate DH key on the new Nagios server. (It will take a long time to generate so be patient)

For OpenSSL >= 3.0

openssl dhparam 2048 2> /dev/null|sed -n '/BEGIN/,/END/p'

For OpenSSL < 3.0

openssl dhparam -C 2048 2> /dev/null|sed -n '/BEGIN/,/END/p'

The below is an example of the output:

-----BEGIN DH PARAMETERS-----
MIIBCAKCAQEAsT8ZYluOSVjB67zI8HXRzAjVRsBGLktGbUm7Zfhtn5dYTMaEjSRx
+7McBGnmoJa9ty54UE/5/8rM1CFvA5VyEOakZHemTNvAofB40ZmEhgANVmbHZxtr
egvj4svxnvFM4gAfpsSe2C8DVbXXEJlUVfyacbfb4f9ko0l62XsTEQJGWGRxXca7
b66g5MY6eYxihavufmZmZPw4ZnBPEpoGpH2GKZ0obOEfACTrV01p+CbiVDJ9lpc7
KOxbXA+3nV5LRMSjlz83RuDdQ3QLcQQQ7cpWKEzAlHO/AO4BRqthmSBkTVWNeHoO
a4PNgZO2xdnLHJuK75YQJeLAOKI9xVgaCwIBAg==
-----END DH PARAMETERS-----

2. Paste the DH key to a new file "nrpe_dh_2048.pem" on the Windows server in the following location:

C:\Program Files\NSClient++\security\nrpe_dh_2048.pem

3. Open a command prompt in Windows (under user with admin privileges) and run these commands:

cd "\Program Files\NSClient++"
nscp settings --path /settings/NRPE/server --key dh --set "${certificate-path}/nrpe_dh_2048.pem"

Or add the below under the [/settings/NRPE/server] section in the C:\Program Files\NSClient++\nsclient.ini file:

; DH KEY -
dh = ${certificate-path}/nrpe_dh_2048.pem

4. Restart NSClient++ service

net stop nscp && net start nscp

Test it:

/usr/local/nagios/libexec/check_nrpe -H xxx.xxx.xxx.xxx -2

I (0.5.0.62 2016-09-14) seem to be doing fine...

Special Offer For Knowledgebase Visitors! Get a huge discount on Nagios Log Server by clicking below.

Get 60% Off Nagios Log Server!

Did you know? Nagios provides complete monitoring of: Windows, Linux, UNIX, Servers, Websites, SNMP, DHCP, DNS, Email, Storage, Files, Apache, IIS, EC2, and more!
Posted by: on Fri, Apr 30, 2021 at 9:31 AM. This article has been viewed 12657 times.
Filed Under: Common Problems, Troubleshooting
1 (2)
Article Rating (2 Votes)
Rate this article
  • Icon PDFExport to PDF
  • Icon MS-WordExport to MS Word
Attachments Attachments
There are no attachments for this article.
Related Articles RSS Feed
Backups are not being generated due to tar creation errors
Viewed 4759 times since Thu, Feb 27, 2020
Nagios XI - MySQL/MariaDB - Max Connections
Viewed 76662 times since Thu, Jun 2, 2016
Nagios XI - ICMP and Ping Checks Stopped Graphing
Viewed 15209 times since Mon, Jan 25, 2016
Nagios XI - MRTG Reports SNMP_Session Errors
Viewed 7334 times since Wed, Jul 27, 2016
Nagios XI - MSSQL Wizards - Adaptive Server connection failed
Viewed 12992 times since Thu, Aug 3, 2017
Nagios XI - Display All Scheduled Reports
Viewed 6100 times since Wed, Oct 12, 2016
Nagios XI - Scheduled Backup Log Level
Viewed 6656 times since Tue, Apr 18, 2017
Installation errors on customized corporate builds of CentOS or RHEL
Viewed 15361 times since Tue, Jan 26, 2016
Nagios XI - Oracle Services Critical After Nagios XI Upgrade
Viewed 7199 times since Wed, Jan 27, 2016
Pages Not Displaying Correctly
Viewed 9613 times since Mon, Jan 25, 2016
Subscribe to knowledge base
Get notified when new articles are added to the knowledge base.
Nagios