Oct 062015
When using Citrix XenCenter 6.5, I was suddenly unable to connect to a XenServer instance running 6.2. The following was in the XenCenter Event log.
Failed to connect to foo.example.com The request was aborted: Could not create SSL/TLS secure channel.
This was not due solely to the version mismatch but, seemingly, to an update in XenCenter which forces stricter SSL checks. The only difference I found was that the XenServer instance I was unable to connect to had a cert containing an old IP address.
The first thing I did was update the parameters used to generate the SSL certificate
vim /opt/xensource/libexec/generate_ssl_cert
Then I was able to simply regenerate the certificate using the new parameters (and giving the resulting certificate the new IP address)
/opt/xensource/libexec/generate_ssl_cert /etc/xensource/xapi-ssl.pem $(hostname -f) && /etc/init.d/xapi start
Once completed, I was able to connect successfully.
Any suggestions on what to do on older versions of XenServer? I have a few server running 5.5 and I’m unable to modify /opt/xensource/libexec/generate_ssl_cert, tells me filesystem is read-only.
The same procedure should work. I am having no issues making changes to the script on 5.5. Alternatively, you could simply copy the script elsewhere to do the cert generation.
Ideally, though, you and I should both be reinstalling anything older than 6.2 since neither is getting the latest security releases 🙂
I am trying to connect to XenServer 5.6.0 via XenCenter 7
I am getting certificate\s issues
Unable to connect server “Server’s IP” Couldn’t create SSL/TSL secure channel
I tried the way to create certificate, I can telnet port 443 (SSL) but I cannot add the server to XenCenter.
The procedure used is as follow:
service xapissl stop
mv /etc/xensource/xapi-ssl.pem /etc/xensource/xapi-ssl.pem.bak
/opt/xensource/libexec/generate_ssl_cert “/etc/xensource/xapi-ssl.pem” ‘10.10.6.27’
service xapissl start
xe-toolstack-restart
That appears to me to be a slightly different error than the one I received. Unfortunately, I no longer use Citrix XenServer/XenCenter and am unable to provide any insight as to what the problem might be. I would verify that DNS lines up with the “hostname” that you are using (in this case, 10.10.6.27).