Windows Server IIS TLS 1.2 Security for Realex Payments

Realex Payments recently announced that it will be ending support for TLS Version 1.0 and 1.1 and began sending emails out letting their customers know of this change.

I have written this guide which should help people use security best practices on an IIS Windows server, which should address the new Realex security requirements.

Please note that in order for the changes to take effect you will need to restart your server.

Preconditions

This guide is only for servers running Windows and IIS. 

Your Web Applications (Web Sites) will also need to have an SSL Cert.

Step 1: Download IIS Crypto 2.0

Go to Nartac and download IISCrypto.exe to your server.

Step 2: Run IIS Crypto 2.0

Run the executable you just downloaded. It is a portable program so it doesn’t install anything. The program should display a screen similar to the one shown here.

Step 3: Click the Best Practices Button

On the screen click the “Best Practices” button on the bottom left or select the options you want. The window should then look like the screen below. Once you are happy with the selected tick boxes. Click the “Apply” button.

Step 3: Restart your Server

After you clicked “Apply” you will need to reboot your server. IIS Crypto will tell you to do this (it will not reboot the server for you).

Step 4: Check your server at Qualys SSL Labs

Once your server and IIS has come back online you will need to check the rating of your server. Enter the URL of the site or the IP address of the server and have Qualys SSL test your server. You will want to get at least an A rating for server. If you do not get an A rating you will need to review your server’s security settings and re-run the SSL Report.

 I hope this helps anyone who may want to update their servers security.