THIS KNOWLEDGE BASE HAS BEEN ARCHIVED AND IS NO LONGER BEING UPDATED
Please visit library.nagios.com/docs for the latest and most up-to-date documentation.
All Categories
Home » Categories » Multiple Categories

OpenSSL causes issue with check_nrpe plugin with NSClient++
Article Number: 901 | Rating: 1/5 from 4 votes | Last Updated by rspielman on Sat, Oct 21, 2023 at 10:45 AM

The Problem

The new openssl package on the latest versions of Centos / RHEL/ Ubuntu / Debian cause compatibility issues that cause the check_nrpe plugin to fail when checking Windows Hosts running NSClient++.

Error Displayed

CHECK_NRPE: (ssl_err != 5) Error - Could not complete SSL handshake with xxx.xxx.xxx.xxx: 1

Error in the nsclient.log file

Failed to establish secure connection: sslv3 alert handshake failure: 1040

Solution

To fix this, do the following:

1. Generate DH key on the new Nagios server. (It will take a long time to generate so be patient)

For OpenSSL >= 3.0

openssl dhparam 2048 2> /dev/null|sed -n '/BEGIN/,/END/p'

For OpenSSL < 3.0

openssl dhparam -C 2048 2> /dev/null|sed -n '/BEGIN/,/END/p'

The below is an example of the output:

-----BEGIN DH PARAMETERS-----
MIIBCAKCAQEAsT8ZYluOSVjB67zI8HXRzAjVRsBGLktGbUm7Zfhtn5dYTMaEjSRx
+7McBGnmoJa9ty54UE/5/8rM1CFvA5VyEOakZHemTNvAofB40ZmEhgANVmbHZxtr
egvj4svxnvFM4gAfpsSe2C8DVbXXEJlUVfyacbfb4f9ko0l62XsTEQJGWGRxXca7
b66g5MY6eYxihavufmZmZPw4ZnBPEpoGpH2GKZ0obOEfACTrV01p+CbiVDJ9lpc7
KOxbXA+3nV5LRMSjlz83RuDdQ3QLcQQQ7cpWKEzAlHO/AO4BRqthmSBkTVWNeHoO
a4PNgZO2xdnLHJuK75YQJeLAOKI9xVgaCwIBAg==
-----END DH PARAMETERS-----

2. Paste the DH key to a new file "nrpe_dh_2048.pem" on the Windows server in the following location:

C:\Program Files\NSClient++\security\nrpe_dh_2048.pem

3. Open a command prompt in Windows (under user with admin privileges) and run these commands:

cd "\Program Files\NSClient++"
nscp settings --path /settings/NRPE/server --key dh --set "${certificate-path}/nrpe_dh_2048.pem"

Or add the below under the [/settings/NRPE/server] section in the C:\Program Files\NSClient++\nsclient.ini file:

; DH KEY -
dh = ${certificate-path}/nrpe_dh_2048.pem

4. Restart NSClient++ service

net stop nscp && net start nscp

Test it:

/usr/local/nagios/libexec/check_nrpe -H xxx.xxx.xxx.xxx -2

I (0.5.0.62 2016-09-14) seem to be doing fine...

Special Offer For Knowledgebase Visitors! Get a huge discount on Nagios Log Server by clicking below.

Get 60% Off Nagios Log Server!

Did you know? Nagios provides complete monitoring of: Windows, Linux, UNIX, Servers, Websites, SNMP, DHCP, DNS, Email, Storage, Files, Apache, IIS, EC2, and more!
Posted by: on Fri, Apr 30, 2021 at 9:31 AM. This article has been viewed 13596 times.
Filed Under: Common Problems, Troubleshooting
1 (4)
Article Rating (4 Votes)
Rate this article
  • Icon PDFExport to PDF
  • Icon MS-WordExport to MS Word
Attachments Attachments
There are no attachments for this article.
Related Articles RSS Feed
PHPMailer - Troubleshooting Using Debug Logging
Viewed 40590 times since Tue, Aug 14, 2018
Nagios XI - MRTG Reports SNMP_Session Errors
Viewed 7814 times since Wed, Jul 27, 2016
Nagios XI - Configuration Applies, but still get "Configuration File Is Out Of Date" Error
Viewed 6267 times since Tue, Jan 26, 2016
Upgrading to NDO 3 after having been downgraded in newer versions of Nagios XI
Viewed 5308 times since Fri, Jan 15, 2021
Nagios XI - Problems with $ Signs in the Check Command
Viewed 10953 times since Tue, Jan 26, 2016
Nagios XI - Debugging Bandwidth Performance Graphs
Viewed 18469 times since Tue, Jan 27, 2015
Web Browser Reports 330 Error Content Encoding
Viewed 9627 times since Tue, Mar 7, 2017
Nagios Core - Nagios did not exit in a timely manner
Viewed 10667 times since Wed, Jan 27, 2016
Nagios XI - How To Delete A Data Source From An RRD File
Viewed 15746 times since Wed, Apr 27, 2016
Nagios XI - Missing localhost Alerts
Viewed 7709 times since Sun, Nov 5, 2017
Subscribe to knowledge base
Get notified when new articles are added to the knowledge base.
Nagios