我正在尝试在我的 Nagios 服务器 (check_nrpe) 和运行 NSClient 且启用了 NRPE 守护程序的 Windows 主机之间建立安全通信。我相信我已经正确定义了 nsclient.ini 中的 cert 指令,但是当我启动 NSClient++ 时,它会创建一个新的“certificate.pem”并将其放在安全目录中。谁能帮我理解为什么 NSClient 会忽略我提供的证书并创建自己的证书?
这是 nsclient.ini:
[/settings/default]
; Undocumented key
password = nagiospass1
; Undocumented key
allowed hosts = xxx,xxx
use ssl = 1
verify mode = peer-cert
allowed ciphers = ALL:!ADH:!LOW:!EXP:!MD5:@STRENGTH
ca = C:\Program Files\NSClient++\security\ca_cert.pem
certificate = C:\Program Files\NSClient++\security\client_cert.pem
certificate key = C:\Program Files\NSClient++\security\client_key.pem
[/settings/NRPE/server]
allow arguments = 1
allow nasty characters = true
timeout = 45
verify mode = peer-cert
use ssl = 1
ssl_client_certs = 2
allowed ciphers = ALL:!ADH:!LOW:!EXP:!MD5:@STRENGTH
certificate = C:\Program Files\NSClient++\security\client_cert.pem
certificate key = C:\Program Files\NSClient++\security\client_key.pem
ca = C:\Program Files\NSClient++\security\ca_cert.pem
dh=