CHECK_NRPE: Error - Could not complete SSL handshake

linux ssl nagios nrpe nagiosxi
Dushyant Gupta picture Dushyant Gupta · Dec 11, 2013 · Viewed 67.5k times · Source

I have NRPE daemon process running under xinetd on amazon ec2 instance and nagios server on my local machine.

The check_nrpe -H [amazon public IP] gives this error:

CHECK_NRPE: Error - Could not complete SSL handshake.

Both Nrpe are same versions. Both are compiled with this option:

./configure  --with-ssl=/usr/bin/openssl --with-ssl-lib=/usr/lib/i386-linux-gnu/

"allowed host" entry contains my local IP address.

What could be the possible reason of this error now??

Answer

jgritty picture jgritty · Nov 7, 2014

If you are running nrpe as a service, make sure you have this line in your nrpe.cfg on the client side:

# example 192. IP, yours will probably differ
allowed_hosts=127.0.0.1,192.168.1.100

You say that is done, however, if you are running nrpe under xinetd, make sure to edit the only_from directive in the file /etc/xinetd.d/nrpe.

Don't forget to restart the xinetd service:

service xinetd restart

Related questions

How to determine SSL cert expiration date from a PEM encoded certificate?

If I have the actual file and a Bash shell in Mac or Linux, how can I query the cert file for when it will expire? Not a web site, but actually the certificate file itself, assuming I have the …

Read More
Unable to establish SSL connection upon wget on Ubuntu 14.04 LTS

I tried to download an image through wget but I got an error: Unable to establish SSL connection. wget https://www.website.com/image.jpg --2015-02-26 01:30:17-- https://www.website.com/image.jpg Resolving www.website.com (www.…

Read More
Turn a simple socket into an SSL socket

I wrote simple C programs, which are using sockets ('client' and 'server'). (UNIX/Linux usage) The server side simply creates a socket: sockfd = socket(AF_INET, SOCK_STREAM, 0); And then binds it to sockaddr: bind(sockfd, (struct sockaddr *) &serv_…

Read More