WithSecure Email and Server Security web console cannot be displayed

Issue:

After WithSecure Email and Server Security installation is complete and I try to access the web console, I get this error:
F-Secure Email and Server Security web console cannot be displayed
This page cannot be displayed.
Enable TLS 1.0, TLS 1.1 and TLS 1.2 in the advanced settings and try to connect again.
If the error still occurs, this website may be using an unsupported protocol or an unsupported encryption collection such as RC4 (link to details), which are considered insecure. Contact the Website Administrator.

Resolution:

Verify if TLS 1.0, 1.1 and 1.2 are enabled. Our advise is to use 1.2
How do I know if TLS is enabled?

Launch Internet Explorer
Enter the URL you wish to check in the browser
Right-click the page or select the Page drop-down menu, and select Properties.
In the new window, look for the Connection section. This will describe the version of TLS or SSL used

There are three tasks for enabling TLS 1.2 on clients:

Update Windows and WinHTTP
Ensure that TLS 1.2 is enabled as a protocol for SChannel at the operating system level
Update and configure the . NET Framework to support TLS 1.2

How do you check if TLS 1.2 is enabled in registry?
Ensure HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client\DisabledByDefault registry key is present and the value is 0.

Try to disable HTTP 2.0 like mentioned in chapter 7.2 Checking the web console https://help.f-secure.com/data/pdf/fsess14.00-adminguide-eng.pdf

Navigate to the folder/path: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\HTTP\Parameters
Under the _Parameters_ folder, right-click the white-space, add 2 new DWORD (32-bit) values: * EnableHttp2Tls
* EnableHttp2Cleartext
Ensure both new values have been set to {{0}}(disabled) by right-clicking the value and clicking "Modify..."
Restart the OS.

Use self-signed certificate

Go to you Exchange Server locally C:\Program Files (x86)\F-Secure\Email and Server Security\ui
Run F-Secure.Ess.Config as administrator
Make sure you select 'Use self-signed certificate (NOT SECURE!) Setup 7/8 if you dont have a certificate.
Complete the setup and try to access the web console

Verify that 'Local ESS Web Console Self Signed Cert' is set for Site Binding in IIS

In Administrative Tools, start Internet Information Services (IIS) Manager
Go to Sites > EssWebConsole
Select Bindings
Select https entry that has Port 25023 and IP Adresss
Click on edit and make sure 'Local ESS Web Console Self Signed Cert' is selected

Logging in for the first time
Before you log in to the Web Console for the first time, check that javascript and cookies are enabled in the browser you use.

Note: We recommend that you use your company's own security certificate for the Web Console.
Note: Microsoft Internet Explorer users: The address of the Web Console, for example https://127.0.0.1:25023/,
should be added to the Trusted sites in Internet Explorer Security Options to ensure that it works properly in every environment.
Note: Try to use different Browser like IE, Firefox, or Chrome. Edge is not supported.

If you still have issues with accessing web Console, please check Article no: 000022837

Article no: 000029110