Hi, I have the same problem. I use the last stable NSClient++ 4.3.
I try to setup ssl keys using article https://web.archive.org/web/20130120204010/http://blog.medin.name/2012/12/02/securing-nrpe-with-certificate-based-authentication/
I've generated ca, and keys for monitored host kriznb-win (vm with Windows7) and checked them:
[root@kriznb sslCA]# openssl verify -CAfile cacert.pem certs/kriznb-win.pem
Configuration on kriznb-win:
use ssl = true
allow nasty characters = false
allow arguments = false
insecure = false
extended response = true
NRPEServer = enabled
allowed ciphers = ALL:!ADH:!LOW:!EXP:!MD5:@STRENGTH
certificate = security/kriznb-win.pem
certificate key = security/kriznb-win_key.pem
allowed hosts = 192.168.56.23, 127.0.0.1
cache allowed hosts = true
I have copied certificate, key to kriznb-win.
I have copied cacert.pem as ca.pem to nagios server and to kriznb-win.
On kriznb-win, there I checked by:
C:\Program Files\NSClient++>nscp nrpe --host 127.0.0.1
I (0.4.3.143 2015-04-29) seem to be doing fine...
On nagios server I issued:
[root@nagiosxi nsclient]# nscp nrpe --host kriznb-win --ca security/ca.pem --verify peer-cert --allowed-ciphers 'ALL:!ADH:!LOW:!EXP:!MD5:@STRENGTH'
E nrpe SSL handshake failed: asio.ssl error
Error: Failed to connect to: kriznb-win:5666 :asio.ssl error
In kriznb-win log file there is:
2015-08-13 13:01:34: error:D:\source\nscp\include\socket/connection.hpp:243: Failed to establish secure connection: short read: 219
Thanks in advance for help.