Description
The TLS / SSL cert for the website fails, as it has been issued for *.cloudaccess.net, and not for xenserver.org, when accessing https://xenserver.org or https://www.xenserver.org
If you click through and accept the certificate anyway, you get an error from it sending you to the wrong server. This is really bad for being the official website for a major hypervisor, as it means we have no way of knowing whether we've downloaded an authentic and unmodified copy of the software.
The site that links to the ISO should have TLS as otherwise it could be MitM'd to point to another ISO. Secondly, the download link to the ISO (http://downloadns.citrix.com.edgesuite.net/11616/XenServer-7.0.0-main.iso) rejects TLS connections, as the certificate is for Akamai, not for the very misleading URL downloadns.citrix.com.edgesuite.net. There is no indication in my mind that edgesuite.net is even a legitimate website, as there's nothing there at the domain/URL apart from an error!
It's really easy to get a valid, free certificate from somewhere such as Let's Encrypt ( https://letsencrypt.org/ ).
I think it is really important that all connections to this site use a valid TLS certificate, and use TLS 1.2 by default.