我正在尝试在我的Nagios服务器(check_nrpe)和运行NSClient且启用了NRPE守护程序的Windows主机之间建立安全通信。 我相信,我已经在nsclient.ini中正确定义了cert指令,但是当我启动NSClient ++时,它创建了一个新的证书.pem'并将其放在安全目录中。 任何人都可以帮助我理解为什么NSClient忽略了我提供的证书并创建了自己的证书吗?
这是nsclient.ini:
[/settings/default]
; Undocumented key
password = nagiospass1
; Undocumented key
allowed hosts = xxx,xxx
use ssl = 1
verify mode = peer-cert
allowed ciphers = ALL:!ADH:!LOW:!EXP:!MD5:@STRENGTH
ca = C:\Program Files\NSClient++\security\ca_cert.pem
certificate = C:\Program Files\NSClient++\security\client_cert.pem
certificate key = C:\Program Files\NSClient++\security\client_key.pem
[/settings/NRPE/server]
allow arguments = 1
allow nasty characters = true
timeout = 45
verify mode = peer-cert
use ssl = 1
ssl_client_certs = 2
allowed ciphers = ALL:!ADH:!LOW:!EXP:!MD5:@STRENGTH
certificate = C:\Program Files\NSClient++\security\client_cert.pem
certificate key = C:\Program Files\NSClient++\security\client_key.pem
ca = C:\Program Files\NSClient++\security\ca_cert.pem
dh=