[icinga-users] icinga-nrpe

Thomas Pries seirp.samoht at googlemail.com
Wed Mar 7 22:31:36 CET 2012


Am 07.03.2012 19:47, schrieb Michael Friedrich:
> Thomas Pries wrote:
>> I tried to setup icing-nrpe on one host with selfsigned SSL-Certs for
>> both client and daemon. When I try to connect I got:
>>
>> CHECK_NRPE: Error - Could not complete SSL handshake.
>> CHECK_NRPE: Error - Failed to get peer certificate.
>>
>> I set debug=1 in nrpe.cfg to find out what went wrong, but the only info
>> at daemon-log was "nrpe[12912]: Connection from 2001:4dd0:... port 59107".
>
> there should be more output when debug is enabled.
>>
>> I is there any kind of "very verbose"-option either on client or on
>> daemon side to find out why the handshake fails?
>
> first off, you cloned from git. so please provide the sha1 you are
> currently using.

I took icinga-nrpe-HEAD.tar.gz from

https://git.icinga.org/?p=icinga-nrpe.git;a=tree;hb=HEAD

may be, this was not a good idea, now I got

icinga-nrpe-f42441262157d866cf45d20e3793f0c9e11c2bb2.tar

from https://git.icinga.org/?p=icinga-nrpe.git;a=summary

Now there is a little more output:

Mar  7 21:11:20 ntp nrpe[23167]: Connection from 2001:... port 57828
Mar  7 21:11:20 ntp nrpe[23167]: got match with 2001:...
Mar  7 21:11:20 ntp nrpe[23167]: Host address 2001:... is in allowed_hosts
Mar  7 21:11:20 ntp nrpe[23167]: Handling the connection...
Mar  7 21:11:22 ntp nrpe[23167]: Error: Could not complete SSL handshake. 1
Mar  7 21:11:22 ntp nrpe[23167]: Connection from 2001:.... closed.

And the client says:

./check_nrpe -H ntp....  -C /usr/local/icinga/etc/client_icinga-nrpe.crt 
-k /usr/local/icinga/etc/client_icinga-nrpe_sin.key -r 
/usr/local/icinga/etc/client_icinga-nrpe.crt -t 20 -c check_part_root

CHECK_NRPE: Error - Could not complete SSL handshake.
CHECK_NRPE: Error - Failed to verify server certificate.




More information about the icinga-users mailing list