When connecting to XenServer 5.5 from XenCenter on up-to-date Windows devices, you get an Unknown Error. To fix this, we need to generate a stronger SSL certificate. The logs below show the errors and locations to verify that this is the issue.
I couldn’t find all of this information easily consolidated into one place and hopefully this will save someone time if they come across the same issues.
XenCenter Logs
—
Location: %appdata%\Citrix\XenCenter\logs\XenCenter.log
2017-10-17 13:05:08,154 DEBUG XenAdmin.Network.XenConnection [Connection to xxx.xxx.xxx.xxx] - XenConnection: trying to connect to 192.168.10.24
2017-10-17 13:05:08,661 DEBUG XenAdmin.Network.XenConnection [Connection to xxx.xxx.xxx.xxx] - The request was aborted: Could not create SSL/TLS secure channel.
2017-10-17 13:05:08,661 WARN XenAdmin.Network.XenConnection [Connection to xxx.xxx.xxx.xxx] - XenConnection: failed to connect to 192.168.10.24: The request was aborted: Could not create SSL/TLS secure channel.
2017-10-17 13:05:08,661 DEBUG XenAdmin.Actions.Action [Connection to xxx.xxx.xxx.xxx] - The request was aborted: Could not create SSL/TLS secure channel.
(Source: Citrix: XenCenter Event Log)
XenServer Logs
—
Location: /var/log/secure
—
Oct 17 13:06:29 xen-105519 stunnel: LOG5[15145:3085974416]: xapi connected from xxx.xxx.xxx.xxx:55170
Oct 17 13:06:29 xen-105519 stunnel: LOG3[15145:3085974416]: SSL_accept: Peer suddenly disconnected
Oct 17 13:06:29 xen-105519 stunnel: LOG5[15145:3085974416]: Connection reset: 0 bytes sent to SSL, 0 bytes sent to socket
(Source: Xencenter 6.5 and 7 “unknown error” while connecting to XenServer 5.6.0)
Fix
—
Through SSH or console access, do the following:
Verify that the existing key is 512 bits.
openssl x509 -in /etc/xensource/xapi-ssl.pem -text
Because the file that generates it is read only, create a copy in the temp directory.
cp /opt/xensource/libexec/generate_ssl_cert /tmp
Use vi to edit the new file.
vi /tmp/generate_ssl_cert
Update the following line to look like the one below it by pressing i to insert text.
openssl genrsa > privkey.rsa
openssl genrsa 1024 > privkey.rsa
Press Escape, then type :wq! to write the changes to the file and quit without prompting.
Back up the existing cert.
cp /etc/xensource/xapi-ssl.pem /etc/xensource/xapi-ssl.pem.backup
Stop the xapissl service.
/etc/init.d/xapissl stop
Generate the new SSL cert.
/tmp/generate_ssl_cert /etc/xensource/xapi-ssl.pem "$(hostname -f)"
Start the xapissl service.
/etc/init.d/xapissl start
(Source: WebbosWorld: XenCenter Could not create SSL/TLS Secure Channel)
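The "Verify the key is 512" step can be scripted so the same check runs before and after the certificate is regenerated. This is an added example, not part of the original post or of XenServer; the function names, the script name check_key.sh, and the 1024-bit default minimum (the size this page regenerates with) are assumptions, and the sample outputs are constructed.

```shell
#!/bin/sh
# Added example, not part of the original post.
# Assumption: 1024 bits (the size this page regenerates with) is the default minimum.

# Read `openssl x509 -noout -text` output on stdin, print the key size in bits.
# Matches "RSA Public Key: (512 bit)" (OpenSSL 0.9.x) as well as
# "Public-Key: (2048 bit)" / "RSA Public-Key: (2048 bit)" (later releases).
key_bits() {
    sed -n 's/.*Public[- ]Key: (\([0-9][0-9]*\) bit).*/\1/p' | head -n 1
}

# classify_bits BITS MIN: print a verdict; return 0 = ok, 1 = weak, 2 = unknown.
classify_bits() {
    case $1 in
        ''|*[!0-9]*) echo "UNKNOWN (no key size found)"; return 2 ;;
    esac
    if [ "$1" -lt "$2" ]; then
        echo "WEAK ($1-bit key, minimum $2)"; return 1
    fi
    echo "OK ($1-bit key)"
}

# check_cert FILE [MIN]: run the two steps above against a certificate file.
check_cert() {
    bits=$(openssl x509 -in "$1" -noout -text 2>/dev/null | key_bits)
    classify_bits "$bits" "${2:-1024}"
}

# Constructed samples of the relevant part of the -text output.
sample_old_openssl() {
cat <<'EOF'
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
            RSA Public Key: (512 bit)
EOF
}
sample_new_openssl() {
cat <<'EOF'
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (2048 bit)
EOF
}

# Usage: sh check_key.sh /etc/xensource/xapi-ssl.pem [more.pem ...]
for f in "$@"; do
    printf '%s: ' "$f"
    check_cert "$f" || true
done
```

Run it against /etc/xensource/xapi-ssl.pem before the fix and again after restarting xapissl; the verdict should change from WEAK to OK.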