NSClient++ version on Linux - nrpe SSL handshake failed


I am trying to setup NSClient++ on a Nagios Server (running RHEL 6.5). I installed NSClient++ by referring to this article -

. The setup was successful.

I want to setup SSL communication between the Nagios server (running the NSClient++ that I installed) and my monitored Windows host, also running NSClient++ version I referred to this blog for securing the NRPE communication - https://web.archive.org/web/20130120204010/http://blog.medin.name/2012/12/02/securing-nrpe-with-certificate-based-authentication/

I have been able to complete all the steps in this blog upto the section “Enabling Trust”. However, I am running into an error when trying to complete the steps described in the section “Better trust” -

On the nagios server I run the command:

# nscp nrpe host= allowed-ciphers=ALL ca=/usr/share/nsclient/security/ca.pem certificate=/usr/share/nsclient/security/client_cert.pem certificate-key=/usr/share/nsclient/security/client_key.pem
E       nrpe SSL handshake failed: asio.ssl error
Error: Failed to connect to: :asio.ssl error

Here are the log messages related to the error:

2016-07-19 04:46:38: error:/source/nscp/include/socket/connection.hpp:243: Failed to establish secure connection: asio.ssl error: 1
2016-07-19 04:46:38: error:/source/nscp/include/socket/client.hpp:193: SSL handshake failed: End of file

Here is the nsclient.ini settings on my Nagios server:


module-path = /usr/lib/nsclient/modules/
shared-path = /usr/share/nsclient/
log-path = /var/log/nsclient


file name = ${log-path}/nsclient.log
date format = %Y-%m-%d %H:%M:%S
level = debug


max size = 0


submit url = https://crash.nsclient.org/post
submit = false
archive = true
restart = true
archive folder = ${shared-path}/crash-dumps
restart target = NSCP


CheckSystemUnix = enabled
NRPEServer = enabled


allow nasty characters = true
insecure = false
extended response = true
port = 5666
use ssl = true


[/settings/shared session]

enabled = false


allowed hosts =,
allowed ciphers = ALL:!ADH:!LOW:!EXP:!MD5:@STRENGTH
certificate = /usr/share/nsclient/security/client_cert.pem
certificate key = /usr/share/nsclient/security/client_key.pem
ca = /usr/share/nsclient/security/ca.pem
verify mode = peer-cert

The CA cert has been generated on the Linux Nagios server, and both the Nagios server and the Windows Host are using this CA. Can someone help me with this issue?

Thanks, Vivek


are you using nsclient++ on both side?


Yes, using nsclient++ on both sides. I installed NSCP- on the Nagios Server (RHEL 6). The Windows client is running nsclient++ 4.4.19. I will upload the details of how I did the installs on both ends.


I have uploaded the following 2 docs to this google drive location: https://drive.google.com/folderview?id=0B2Lq6w1lB_k5VW9MTVhKUHAtNVE&usp=sharing

  1. NSClient++ installation on Windows : Describes how I installed NSClient++ on my Windows system and setup monitoring from my Nagios Server (RHEL 6) using NRPE

  2. NSClient++ install on Nagios Server: Describes how I installed NSClient++ on my Nagios server (RHEL 6) and attempted to follow the directions at this link: https://web.archive.org/web/20130120204010/http://blog.medin.name/2012/12/02/securing-nrpe-with-certificate-based-authentication

The 2nd doc (NSClient setup on Nagios server) is where I am running into issues


Just curious (quite late to the game) if you got any further and have this working.