An error has crept into the Exchange 2019 RTM version that can lead to certificate warnings despite valid and correct certificates. This is caused by incorrectly configured cipher suites that do not contain support for HTTP/2. This leads to warnings in some browsers when accessing OWA or ECP, for example. The problem only occurs in the Exchange RTM version and will be fixed with CU1 for Exchange 2019.
I have not yet been able to reproduce the problem in my test environment. Chrome, Edge and Firefox work with certificates from my test certification authority without any problems, but that doesn't mean anything.
Most certificate warnings or errors are caused by incorrectly configured certificates or hostnames, but if you are already using the Exchange RTM version, you should configure the TLS cipher suites accordingly. Microsoft has published a small script that does the job.
The script can be found here:
The script can be executed in the normal Windows Powershell. It is not necessary to restart the Exchange services.
The Exchange RTM version has the version number 15.2 (Build 221.12). Newer Exchange 2019 versions should therefore no longer contain this error.
The versions of the Exchange servers can be checked with the following command:
Get-ExchangeServer | ft name,AdminDisplayVersion
Until CU1 for Exchange 2019 is released, you should therefore keep this problem in mind. CU1 for Exchange 2019 is not expected to be released until March 2019:
