Hardening SSL/TLS configuration on IIS 8.5
Do you consider your website secure after installing an SSL certificate on it? Well, a website with an SSL certificate is definitely more secure compared to a website without one. However, SSL is just a foundation that provides an encrypted channel between the server where the website is hosted, and website visitors. There is a number of possible attack vectors, and simple SSL installation can’t mitigate an attack, that’s why additional effort to ensure security is required from a certificate administrator.
These articles contain step-by-step guides for security enhancements a certificate administrator may apply in Windows Server environment, specifically for IIS 8.5, though most of the features described are also applicable for IIS 8, IIS 7.5 and IIS 7.0