seirp.samoht at googlemail.com
Wed Mar 7 22:31:36 CET 2012
Am 07.03.2012 19:47, schrieb Michael Friedrich:
> Thomas Pries wrote:
>> I tried to setup icing-nrpe on one host with selfsigned SSL-Certs for
>> both client and daemon. When I try to connect I got:
>> CHECK_NRPE: Error - Could not complete SSL handshake.
>> CHECK_NRPE: Error - Failed to get peer certificate.
>> I set debug=1 in nrpe.cfg to find out what went wrong, but the only info
>> at daemon-log was "nrpe: Connection from 2001:4dd0:... port 59107".
> there should be more output when debug is enabled.
>> I is there any kind of "very verbose"-option either on client or on
>> daemon side to find out why the handshake fails?
> first off, you cloned from git. so please provide the sha1 you are
> currently using.
I took icinga-nrpe-HEAD.tar.gz from
may be, this was not a good idea, now I got
Now there is a little more output:
Mar 7 21:11:20 ntp nrpe: Connection from 2001:... port 57828
Mar 7 21:11:20 ntp nrpe: got match with 2001:...
Mar 7 21:11:20 ntp nrpe: Host address 2001:... is in allowed_hosts
Mar 7 21:11:20 ntp nrpe: Handling the connection...
Mar 7 21:11:22 ntp nrpe: Error: Could not complete SSL handshake. 1
Mar 7 21:11:22 ntp nrpe: Connection from 2001:.... closed.
And the client says:
./check_nrpe -H ntp.... -C /usr/local/icinga/etc/client_icinga-nrpe.crt
-k /usr/local/icinga/etc/client_icinga-nrpe_sin.key -r
/usr/local/icinga/etc/client_icinga-nrpe.crt -t 20 -c check_part_root
CHECK_NRPE: Error - Could not complete SSL handshake.
CHECK_NRPE: Error - Failed to verify server certificate.
More information about the icinga-users