XenServer: Unknown Error Occurred Connecting with XenCenter

When connecting to XenServer 5.5 from XenCenter on up to date Windows devices, you get an Unknown Error. To fix this, we need to generate a stronger SSL certificate. The logs below show the errors and locations to verify that this is the issue.

I couldn’t find all of this information easily consolidated into once place and hopefully this will save someone time if they come across the same issues.

XenCenter Logs

Location: %appdata%\Citrix\XenCenter\logs\XenCenter.log

2017-10-17 13:05:08,154 DEBUG XenAdmin.Network.XenConnection [Connection to xxx.xxx.xxx.xxx] - XenConnection: trying to connect to 192.168.10.24
2017-10-17 13:05:08,661 DEBUG XenAdmin.Network.XenConnection [Connection to xxx.xxx.xxx.xxx] - The request was aborted: Could not create SSL/TLS secure channel.
2017-10-17 13:05:08,661 WARN  XenAdmin.Network.XenConnection [Connection to xxx.xxx.xxx.xxx] - XenConnection: failed to connect to 192.168.10.24: The request was aborted: Could not create SSL/TLS secure channel.
2017-10-17 13:05:08,661 DEBUG XenAdmin.Actions.Action [Connection to xxx.xxx.xxx.xxx] - The request was aborted: Could not create SSL/TLS secure channel.

(Source: Citrix: XenCenter Event Log)

XenServer Logs

Location: /var/log/secure

Oct 17 13:06:29 xen-105519 stunnel: LOG5[15145:3085974416]: xapi connected from xxx.xxx.xxx.xxx:55170
Oct 17 13:06:29 xen-105519 stunnel: LOG3[15145:3085974416]: SSL_accept: Peer suddenly disconnected
Oct 17 13:06:29 xen-105519 stunnel: LOG5[15145:3085974416]: Connection reset: 0 bytes sent to SSL, 0 bytes sent to socket

(Source:Xencenter 6.5 and 7 “unknown error” while connecting to XenServer 5.6.0)

Fix :

Through SSH or Console Access do the following
Verify the key is 512

openssl x509 -in /etc/xensource/xapi-ssl.pem -text

Because the file that generates it is read only, create a copy in the temp directory.

cp /opt/xensource/libexec/generate_ssl_cert /tmp

Use vi to edit the new file.

vi /tmp/generate_ssl_cert

Update the following line to look like the one below it by pressing i to insert text.

openssl genrsa > privkey.rsa
openssl genrsa 1024 > privkey.rsa

Press escape followed by k, then type !wq to write changes to the file and quit without prompting.

Backup the existing cert.

cp /etc/xensource/xapi-ssl.pem /etc/xensource/xapi-ssl.pem.backup

Stop the xapissl service.

/etc/init.d/xapissl stop

Generate the new SSL cert.

/tmp/generate_ssl_cert /etc/xensource/xapi-ssl.pem ‘hostname -f’

Start the xapissl service.

/etc/init.d/xapissl start

(Source: WebbosWorld: XenCenter Could not create SSL/TLS Secure Channel)

https://italcultur.com/