THIS KNOWLEDGE BASE HAS BEEN ARCHIVED AND IS NO LONGER BEING UPDATED
Please visit library.nagios.com/docs for the latest and most up-to-date documentation.
All Categories
Home » Categories » Multiple Categories

OpenSSL causes issue with check_nrpe plugin with NSClient++
Article Number: 901 | Rating: 1/5 from 6 votes | Last Updated by rspielman on Sat, Oct 21, 2023 at 10:45 AM

The Problem

The new openssl package on the latest versions of Centos / RHEL/ Ubuntu / Debian cause compatibility issues that cause the check_nrpe plugin to fail when checking Windows Hosts running NSClient++.

Error Displayed

CHECK_NRPE: (ssl_err != 5) Error - Could not complete SSL handshake with xxx.xxx.xxx.xxx: 1

Error in the nsclient.log file

Failed to establish secure connection: sslv3 alert handshake failure: 1040

Solution

To fix this, do the following:

1. Generate DH key on the new Nagios server. (It will take a long time to generate so be patient)

For OpenSSL >= 3.0

openssl dhparam 2048 2> /dev/null|sed -n '/BEGIN/,/END/p'

For OpenSSL < 3.0

openssl dhparam -C 2048 2> /dev/null|sed -n '/BEGIN/,/END/p'

The below is an example of the output:

-----BEGIN DH PARAMETERS-----
MIIBCAKCAQEAsT8ZYluOSVjB67zI8HXRzAjVRsBGLktGbUm7Zfhtn5dYTMaEjSRx
+7McBGnmoJa9ty54UE/5/8rM1CFvA5VyEOakZHemTNvAofB40ZmEhgANVmbHZxtr
egvj4svxnvFM4gAfpsSe2C8DVbXXEJlUVfyacbfb4f9ko0l62XsTEQJGWGRxXca7
b66g5MY6eYxihavufmZmZPw4ZnBPEpoGpH2GKZ0obOEfACTrV01p+CbiVDJ9lpc7
KOxbXA+3nV5LRMSjlz83RuDdQ3QLcQQQ7cpWKEzAlHO/AO4BRqthmSBkTVWNeHoO
a4PNgZO2xdnLHJuK75YQJeLAOKI9xVgaCwIBAg==
-----END DH PARAMETERS-----

2. Paste the DH key to a new file "nrpe_dh_2048.pem" on the Windows server in the following location:

C:\Program Files\NSClient++\security\nrpe_dh_2048.pem

3. Open a command prompt in Windows (under user with admin privileges) and run these commands:

cd "\Program Files\NSClient++"
nscp settings --path /settings/NRPE/server --key dh --set "${certificate-path}/nrpe_dh_2048.pem"

Or add the below under the [/settings/NRPE/server] section in the C:\Program Files\NSClient++\nsclient.ini file:

; DH KEY -
dh = ${certificate-path}/nrpe_dh_2048.pem

4. Restart NSClient++ service

net stop nscp && net start nscp

Test it:

/usr/local/nagios/libexec/check_nrpe -H xxx.xxx.xxx.xxx -2

I (0.5.0.62 2016-09-14) seem to be doing fine...

Special Offer For Knowledgebase Visitors! Get a huge discount on Nagios Log Server by clicking below.

Get 60% Off Nagios Log Server!

Did you know? Nagios provides complete monitoring of: Windows, Linux, UNIX, Servers, Websites, SNMP, DHCP, DNS, Email, Storage, Files, Apache, IIS, EC2, and more!
Posted by: on Fri, Apr 30, 2021 at 9:31 AM. This article has been viewed 13981 times.
Filed Under: Common Problems, Troubleshooting
1 (6)
Article Rating (6 Votes)
Rate this article
  • Icon PDFExport to PDF
  • Icon MS-WordExport to MS Word
Attachments Attachments
There are no attachments for this article.
Related Articles RSS Feed
Nagios XI - Profile Build Failed
Viewed 15601 times since Tue, Aug 2, 2016
SSL Certificate does not validate properly
Viewed 7050 times since Wed, Jan 20, 2021
Performance Graphs Showing Data during Host Down Time Periods
Viewed 4383 times since Tue, Dec 7, 2021
Slack Notifications Stopped Working
Viewed 6124 times since Wed, Mar 18, 2020
Nagios XI - Downloading A System Profile
Viewed 10072 times since Wed, Jul 19, 2017
Nagios XI - Scheduled Reports Not Running
Viewed 7183 times since Thu, Aug 10, 2017
Nagios XI - Best Practices - NWC15
Viewed 10140 times since Thu, Feb 4, 2016
Nagios XI - Notifications Not Sending In XI 5.3.0
Viewed 6895 times since Tue, Oct 4, 2016
NDOUtils - Message Queue Exceeded
Viewed 18494 times since Thu, Jan 21, 2016
Nagios XI - Installing XI Fails To Install Dependency pymssql
Viewed 10352 times since Mon, Oct 17, 2016
Subscribe to knowledge base
Get notified when new articles are added to the knowledge base.
Nagios