Title:
Debugging " CHECK_NRPE: Error - Could not complete SSL handshake" errors
FAQ ID:
F0191
Submitted By:
Greg Haygood, Ethan Galstad and Others
Last Updated:
11/03/2004

Description:
When attempting to use the check_nrpe plugin, the following error message is printed:
CHECK_NRPE: Error - Could not complete SSL handshake

Solution:
This error message could be due to several problems:

1:Different versions. Make sure you are using the same version of the check_nrpe plugin and the NRPE daemon. Newer versions of NRPE are usually not backward compatible with older versions.

2:SSL is disabled. Make sure both the NRPE daemon and the check_nrpe plugin were compiled with SSL support and that neither are being run without SSL support (using command line switches).

3:Incorrect file permissions. Make sure the NRPE config file (nrpe.cfg) is readable by the user (i.e. nagios) that executes the NRPE binary from inetd/xinetd.

4:Pseudo-random device files are not readable. Greg Haygood noted the following... "After wringing my hair out and digging around with truss, I figured out the problem on my Solaris 8 boxen. The files /devices/pseudo/random* (linked through /dev/*random, and provided by Sun patch 112438) were not readable by the nagios user I use to launch NRPE. Making the character devices world-readable solved it."
Unallowed address. If you're running the NRPE daemon under xinetd, make sure that you have a line in the xinetd config file that say "only_from = xxx.xxx.xxx.xxx", where xxx.xxx.xxx.xxx is the IP address that you're connected to the NRPE daemon from.