How to secure connection between check_nrpe and NSClient++


Hello guys, I run a ubuntu server with nagios core 4 installed. I’m compiled the check_nrpe plugin with ssl enabled from nrpe 3.0.1 and installed it. The machine i want to monitor runs Windows Server 2012 and nsclient++ v. I want to secure the communication between both with either ssl or a ca certificate. I generated the certs as mentioned in the in the nrpe 3.0.1 folder.

I entered the host IP in the settings .ini file, the plain connection works!

This is my nsclient.ini: [/settings/NRPE/server]

insecure = false
use ssl = true 
ssl options = no-sslv2,no-sslv3
allowed ciphers = ALL:!ADH:!LOW:!EXP:!MD5:@STRENGTH
port = 5666
verify mode = peer-cert
certificate = ${exe-path}\db_server.pem
certificate key = ${exe-path}\db_server.key
ca= ${exe-path}\ca_cert.pem
allow nasty characters = 1
allow arguments = 0 
extended respone = 0

On my nagios machine i’m using this command: ./check_nrpe -H certificate-key=NSCP_Client/NSCP_Client.key certificate=NSCP_Client/NSCP_Client.pem ca=NSCP_Client/ca.pem verify=peer-cert -c check_cpu

I always geht this error: 2017-04-12 10:31:41: debug:c:\source\master\include\nrpe/server/protocol.hpp:72: Accepting connection from:, count=1 2017-04-12 10:31:41: error:c:\source\master\include\socket/connection.hpp:257: Failed to establish secure connection: sslv3 alert handshake failure: 1040

Is there any simple way to secure the connection between the check_nrpe plugin on linux and the nsclient++ on windows?


Is there any difference in the “check_nrpe” plugin that comes with nrpe v3.0.1 and the one coming with nsclient++? I am using the “check_nrpe” from the nrpe install with my nsclient++. Does SSL/Cert. work with this setup? If not what do I need?


I am most interested in learning about this as well, I will keep an eye on this post.