Had an old Citrix XenServer 5.5 system that we needed to connect to but unfortunately on my Windows 10 workstation with XenCenter 6.5 it just crapped out with “Could not create SSL/TLS Secure Channel”.
Reading around, it’s a pretty straightforward issue: given the age of the server, it was still using its original self-signed SSL certificate, which only used a 512-bit RSA key. All we needed to do was re-generate a new SSL certificate that used a 1024-bit key as a minimum. Below is what worked for us –
- Connect to your XenServer via SSH or directly via Console.
- Check the existing key to confirm it’s only 512-bit –
openssl x509 -in /etc/xensource/xapi-ssl.pem -text
- Edit the file XenServer uses to generate the self-signed cert. Unfortunately this was read-only for us, and as we didn’t want to mess about with the original file we just copied it to /tmp with the below –
cp /opt/xensource/libexec/generate_ssl_cert /tmp
- Browse to /tmp and open generate_ssl_cert in vim or nano. With this file open, look for the following line and edit it as below –
Look for: openssl genrsa > privkey.rsa
Change to: openssl genrsa 1024 > privkey.rsa
- Take a backup of the current cert just in case –
cp /etc/xensource/xapi-ssl.pem /etc/xensource/xapi-ssl.pem.backup
- Now run the following command to renew the certificate –
/tmp/generate_ssl_cert /etc/xensource/xapi-ssl.pem "$(hostname -f)"
- Hopefully you’re now good to go!
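
The key-size check from the second step can be scripted so it is easy to repeat once the certificate has been regenerated. This is an added example, not part of the original post; `MIN_BITS`, the function names and the sample lines are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: report the RSA key size of a certificate and compare it
# with a minimum. MIN_BITS and the function names are assumptions.
MIN_BITS=1024   # the minimum key size used in this post

# Read `openssl x509 -text` output on stdin and print the key size in bits.
# Old OpenSSL prints "RSA Public Key: (512 bit)", newer builds print
# "Public-Key: (512 bit)" or "RSA Public-Key: (512 bit)".
key_bits_from_text() {
    sed -n 's/.*Public[- ]Key: *(\([0-9][0-9]*\) bit).*/\1/p' | head -n 1
}

# Return 0 if the size is at least MIN_BITS, 1 if smaller, 2 if not found.
check_bits() {
    bits=$1
    case "$bits" in
        ''|*[!0-9]*) echo "no RSA key size found" >&2; return 2 ;;
    esac
    if [ "$bits" -lt "$MIN_BITS" ]; then
        echo "WEAK: ${bits}-bit key (minimum ${MIN_BITS})"
        return 1
    fi
    echo "OK: ${bits}-bit key"
}

# Check a PEM file on disk, e.g. /etc/xensource/xapi-ssl.pem.
check_cert_file() {
    check_bits "$(openssl x509 -in "$1" -noout -text | key_bits_from_text)"
}

# Constructed sample lines in the two output styles (not real server output).
SAMPLE_OLD='        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
            RSA Public Key: (512 bit)'
SAMPLE_NEW='            Public Key Algorithm: rsaEncryption
                Public-Key: (1024 bit)'

# With a file argument, check that certificate; otherwise only define functions.
if [ $# -gt 0 ]; then check_cert_file "$1"; fi
```

Saved under a name of your choice and run with `/etc/xensource/xapi-ssl.pem` as its argument, it reports the weak key before the change and the new key size afterwards.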