Correcting SSL handshake error in nagios

When the  “CHECK_NRPE: Error – Could not complete SSL handshake” error is shown in nagios, please follow the steps to correct it
———-
1) Same nrpe version

Make sure you are using the same version of the check_nrpe plugin and the NRPE daemon. Newer versions of NRPE are usually not backward compatible with older versions.

You can check this from nagios server by command
—-
/usr/local/nagios/libexec/check_nrpe -H clientserverip -p portno

2) SSL is disabled.

Make sure both the NRPE daemon and the check_nrpe plugin were compiled with SSL support and that neither are being run without SSL support (using command line switches)

3) Incorrect file permissions.

Make sure the NRPE config file (nrpe.cfg) is readable by the user (i.e. nagios) that executes the NRPE binary from inetd/xinetd.

4)Pseudo-random device files are not readable.

Permission of  /dev/*random should be 666

5)Unallowed address.

If you’re running the NRPE daemon under xinetd, make sure that you have a line in the xinetd config file that say “only_from = xxx.xxx.xxx.xxx”, where xxx.xxx.xxx.xxx is the IP address that you’re connected to the NRPE daemon from.

Advertisements
  1. No trackbacks yet.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: