Might be worth looking at encryption cyphers - 2406 disables older cyphers and protocols (SSL 3, TLS 1.0 and 1.1). This could impact certs from older private CAs.
https://docs.omnissa.com/bundle/Horizon-Security/page/OlderProtocolsandCiphersDeactivatedinHorizon.html