This is an old revision of the document!
Table of Contents
Configure TLS 1.2 as default secure Protocol On Windows Server 2008 R2 SP1
Let say you are running Exchange Server 2010 installed on Windows Server 2008 R2 SP1 x64(bit), and when you remotely open Outlook Web Access (OWA to the Exchange Server) in your Google Chrome web browser it alerts you that the installed SSL certificate is insecure. When you check the detail about the SSL certificate, the web browser is letting you know that the configured SSL protocols on the server are deprecated.
Get an SSL Report of your Web Server's TLS and SSL configuration
As the Administrator, you first run an SSL Test and analysis of your webserver using the Qualys SSL Labs' SSL test from here: https://ssllabs.com/ssltest/ in order to analyze which Secure Socket Layer (SSL) and Transport Layer Security (TLS) protocols are available, enabled and/or set as default within the registry of your Server. Before inputting your server's web address to run these tests and to obtain a report, it is recommended for the sake of your webserver's privacy that you check the checkbox next to: “Do not show the results on the boards.”
Update to enable TLS 1.1 and TLS 1.2 as default secure protocols in WinHTTP in Windows
This update provides support for Transport Layer Security (TLS) 1.1 and TLS 1.2 in Windows Server 2012, Windows 7 Service Pack 1 (SP1), and Windows Server 2008 R2 SP1.
To obtain the stand-alone package for this update, go to the Microsoft Update Catalog website here: https://www.catalog.update.microsoft.com/search.aspx?q=kb3140245 and download and install the catalog update applicable to your server, such as “Update for Windows Server 2008 R2 x64 Edition (KB3140245).
Prerequisites for your server: To apply this update, you Windows Server 2008 R2 must have installed Service Pack 1 (SP1) for Windows 7 or Windows Server 2008 R2.
To understand why this update is or may be necessary, please review this Microsoft Support article: https://support.microsoft.com/en-us/topic/update-to-enable-tls-1-1-and-tls-1-2-as-default-secure-protocols-in-winhttp-in-windows-c4bd73d2-31d7-761e-0178-11268bb10392