Sign in with Microsoft
Sign in or create an account.
Select a different account.
You have multiple accounts
Choose the account you want to sign in with.


Currently, the New-ExchangeCertificate cmdlet uses the SHA-256 hash algorithm instead of the less secure SHA-1. However, the automatic creation of a default self-signed authentication certificate that occurs during the Setup program calls a different code path than the path that's called by the cmdlet. This causes the program to issue certificates by using the SHA-1 hash algorithm.


To fix this issue, install one of the following updates:

Cumulative Update 11 for Exchange Server 2019 or a later cumulative update for Exchange Server 2019

Cumulative Update 22 for Exchange Server 2016 or a later cumulative update for Exchange Server 2016

Important: Our testing indicates that this fix works on only fresh installations. If you apply this fix on an upgraded installation, the program might continue to experience this issue.


Learn about the terminology that Microsoft uses to describe software updates.

Need more help?

Want more options?

Explore subscription benefits, browse training courses, learn how to secure your device, and more.

Communities help you ask and answer questions, give feedback, and hear from experts with rich knowledge.

Was this information helpful?

What affected your experience?
By pressing submit, your feedback will be used to improve Microsoft products and services. Your IT admin will be able to collect this data. Privacy Statement.

Thank you for your feedback!