m

Had an old Citrix XenServer 5.5 system that we needed to connect to but unfortunately on my Windows 10 workstation with XenCenter 6.5 it just crapped out with “Could not create SSL/TLS Secure Channel”.

Reading around it’s a pretty straight forward issue, given the age of the server it was still using it’s original self-signed SSL certificate that was only using a 512bit RSA key. All we needed to do was re-generate a new SSL certificate that used a 1024bit key as a minimum. Below is what worked for us –

  1. Connect to your XenServer via SSH or directly via Console.
  2. Check the existing key to confirm it’s only 512bit –
    openssl x509 -in /etc/xensource/xapi-ssl.pem -text
  3. Edit the file XenServer uses to generate the self-signed cert, unfortunately this was read only for us. As we didn’t want to mess about with the original file we just copied it to /tmp with the below –
    cp /opt/xensource/libexec/generate_ssl_cert /tmp
  4. Browse to /tmp and open generate_ssl_cert in vim or nano. With this file open look for the following line and edit as below –
    Look for: openssl genrsa > privkey.rsa
    Change to: openssl genrsa 1024 > privkey.rsa
  5. Take a backup of the current cert just in case –
    cp /etc/xensource/xapi-ssl.pem /etc/xensource/xapi-ssl.pem.backup
  6. Now run the following commands to renew the certificate –
    /etc/init.d/xapissl stop
    /tmp/generate_ssl_cert /etc/xensource/xapi-ssl.pem ‘hostname -f’
    /etc/init.d/xapissl start
  7. Hopefully you’re now good to go!

 

4 comments

  1. 20/09/2016 at 3:42 PM Peter Veselovsky

    I found this post very useful, however I had to make one more change; specifically in addition to editing
    openssl genrsa 1024 > privkey.rsa
    theere was one more entry in the file that needed to be edited:
    openssl gendh 1024 > dh.pem

  2. 26/09/2016 at 2:36 PM Visu

    Thank you so much! Fixed a big headache I have had for a while. I too made changes in two places as mentioned by Peter Veselovsky above.

  3. 31/10/2016 at 10:10 PM memo

    muchas gracias fue de gran ayuda

  4. 24/08/2017 at 4:34 PM Henrique Pires Martins

    Thank you!