-
Exploring the XenCenter workspace
-
-
Connecting and Disconnecting Servers
-
Install a TLS certificate on your server
-
-
-
-
-
This content has been machine translated dynamically.
Dieser Inhalt ist eine maschinelle Übersetzung, die dynamisch erstellt wurde. (Haftungsausschluss)
Cet article a été traduit automatiquement de manière dynamique. (Clause de non responsabilité)
Este artículo lo ha traducido una máquina de forma dinámica. (Aviso legal)
此内容已经过机器动态翻译。 放弃
このコンテンツは動的に機械翻訳されています。免責事項
이 콘텐츠는 동적으로 기계 번역되었습니다. 책임 부인
Este texto foi traduzido automaticamente. (Aviso legal)
Questo contenuto è stato tradotto dinamicamente con traduzione automatica.(Esclusione di responsabilità))
This article has been machine translated.
Dieser Artikel wurde maschinell übersetzt. (Haftungsausschluss)
Ce article a été traduit automatiquement. (Clause de non responsabilité)
Este artículo ha sido traducido automáticamente. (Aviso legal)
この記事は機械翻訳されています.免責事項
이 기사는 기계 번역되었습니다.책임 부인
Este artigo foi traduzido automaticamente.(Aviso legal)
这篇文章已经过机器翻译.放弃
Questo articolo è stato tradotto automaticamente.(Esclusione di responsabilità))
Translation failed!
Install a TLS certificate on your server
The XenServer host comes installed with a default TLS certificate. However, to use HTTPS to secure communication between XenServer and Citrix Virtual Apps and Desktops, install a certificate provided by a trusted certificate authority.
This article contains information about how to use certificates in XenCenter. For information about working with certificates by using the xe CLI, see Hosts and resource pools.
Requirements
Ensure that your TLS certificate and its private key meet the following requirements:
- The certificate and key pair are an RSA key
- The key matches the certificate
- The key is provided in a separate file to the certificate
- The certificate is provided in a separate file to any intermediate certificates
- The key file must be one of the following types:
.pem
or.key
- Any certificate files must be one of the following types:
.pem
,.cer
, or.crt
- The key is greater than or equal to 2,048 bits and less than or equal to 4,096 bits in length
- The key is an unencrypted PKCS #8 key and does not have a passkey
- The key and certificate are in base-64 encoded ‘PEM’ format
- The certificate is valid and has not expired
- The signature algorithm is SHA-2 (SHA256)
XenCenter warns you when the certificate and key you choose do not meet these requirements.
Install a certificate
You can use XenCenter to install a certificate that is on the XenCenter system into a XenServer host.
To install a certificate on a XenServer host, you must have the Pool Admin role and the XenServer host must not have HA enabled.
-
Go to the Install Certificates dialog. You can get to this dialog in one of the following ways:
- In the Server menu, select Install Certificates.
- Right-click on the host in the resources pane and choose Install Certificates from the context menu.
- In the General tab of the host, right-click on the Certificates section and choose Install Certificates from the context menu.
- In the Install Certificates dialog, browse to the location of the private key file and select it.
- Browse to the location of the server certificate file and select it.
-
You can choose to add any number of intermediate certificates from the certificate chain.
- Click Add
- Browse to the location of one or more intermediate certificates and select them.
-
Click Install.
XenCenter validates and installs the certificates.
- If there is a problem with a certificate, XenCenter shows an error message. Attempt to correct the problem and click Install again.
- If the certificate is installed successfully, XenCenter shows a success message. You can now click Close to close the dialog.
When the certificate on a XenServer host is changed, the host closes any open connections. XenCenter expects this behavior and reopens the connection with the XenServer host. However, you might have to manually reopen any other connections that were previously open to the host - for example, from another API client or the remote xe CLI.
View certificate information
In the General tab for a XenServer host, a section called Certificates displays the following information for the host:
- The certificate validity period. This text appears red when the certificate is approaching its expiry date.
- The certificate thumbprint
The General tab for a XenServer pool displays the following information for the pool:
- The General section has an entry for Certificate Verification which shows whether certificate verification is enabled or disabled.
- The Certificates section lists the name, validity, and thumbprint for the CA certificates.
Enabling certificate verification for your pool
Certificate verification is enabled by default on fresh installations of XenServer 8 and later. For more information, see Certificate verification.
If you upgrade from an earlier version of XenServer, certificate verification is not enabled automatically and you must enable it. XenCenter prompts you to enable certificate verification the next time you connect to the upgraded pool.
Before enabling certificate verification on a pool, ensure that no operations are running in the pool.
XenCenter provides several ways to enable certificate verification.
- When first connecting the XenCenter to a pool without certificate verification enabled, you are prompted to enable it. Click Yes, Enable certificate verification.
- In the Pool menu, select Enable Certificate Verification.
- On the General tab of the pool, right-click the entry Certificate Verification and choose Enable Certificate Verification from the menu.
Reset server identity certificates
You can reset the server identity certificate from XenCenter or the xe CLI. Resetting a certificate deletes the certificate from the host and installs a new self-signed certificate in its place.
To reset a certificate in XenCenter:
- Go to the General tab for the host.
- In the Certificates section, right-click on the certificate you want to reset.
- From the menu, select Reset Certificate.
- In the dialog that appears, click Yes to confirm the certificate reset.
Alternatively, in the Server menu, you can go to Certificate > Reset Certificate.
When you reset a certificate, any existing connections to the XenServer host are disconnected — including the connection between XenCenter and the host.
For information about resetting a certificate by using the xe CLI, see Certificate verification.
Certificate alerts
When your certificates are nearing their expiry date, XenCenter shows alerts in the Alerts section of the Notifications tab. You can choose to open the Install Certificates dialog from the action menu of these alerts.
For more information about alerts, see XenCenter Alerts.
Related documentation
XenServer 8
Citrix Hypervisor 8.2 Cumulative Update 1
Share
Share
This Preview product documentation is Cloud Software Group Confidential.
You agree to hold this documentation confidential pursuant to the terms of your Cloud Software Group Beta/Tech Preview Agreement.
The development, release and timing of any features or functionality described in the Preview documentation remains at our sole discretion and are subject to change without notice or consultation.
The documentation is for informational purposes only and is not a commitment, promise or legal obligation to deliver any material, code or functionality and should not be relied upon in making Cloud Software Group product purchase decisions.
If you do not agree, select I DO NOT AGREE to exit.