1. Home
  2. Knowledge Base
  3. Web Server Configuration Guides
  4. Enabling TLS 1.2
  5. How to enable TLS 1.2 on Windows Server 2008/2016

How to enable TLS 1.2 on Windows Server 2008/2016

 

Note: IF you are running Windows Server 2008 you will need to download the following update before proceeding:

https://support.microsoft.com/en-us/help/3140245/update-to-enable-tls-1-1-and-tls-1-2-as-default-secure-protocols-in-wi

  1. In the Windows start menu, type regedit and open it

  2. We strongly recommend backing up your current registry before making any changes. This can be done by clicking File, then Export and the save the backup at a safe location

  3. Go to the following path: Computer\HKEY_LOCAL_MACHINE\SYSTEM\
    CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols



  4. Right-click on the empty space in the pane on the right side and choose New > Key

  5. Name the new key TLS 1.2

  6. Right-click the empty space on the right side again and add two new keys named Client and Server

  7. Select the Client key, right-click on the right side, and select New -> DWORD (32-bit) Value

  8. Name the DWORD DisabledByDefault, right-click on it, and select Modify. The base should be set to Hexadecimal and the value set to 0:



  9. Create a new DWORD with the name Enabled. The base should be set to Hexadecimal and the value set to 1

  10. Repeat the process for the Server key, creating the same DWORDS with the same values

  11. Exit the registry and reboot your server

If anything goes wrong, you can revert to your initial registry settings by double-clicking your registry backup file created in step 2.

You can check if your configuration is correct by looking up your site in our SSL Labs checker:

https://trustzone.ssllabs.com

In the Configuration section, you can see the protocols enabled for your site.

You can check which protocols are supported on a different version of Windows by following this link:

https://docs.microsoft.com/en-us/windows/win32/secauthn/protocols-in-tls-ssl–schannel-ssp-

TRUSTZONE: Your reliable partner

TRUSTZONE was founded in 2004 and has since been the leading SSL/TLS certificate provider in Scandinavia. We also lead the way in supplying the scalable PKI and IoT solutions for encryption, authentication, and automated certificate lifecycle management.

The solutions we offer meet the requirements of various types of companies and organizations. What your business is certain to gain is a complete palette of compatibility-optimized, fully scalable certificate products and solutions.

Our options are tailored to meet the needs of up-and-coming startups as well as those of global companies. No matter if you are in for a few SSL/TLS certificates or you opt for enterprise-grade solutions, at TRUSTZONE, we have got you covered.

We trust you want your company’s operation to run seamlessly and therefore it is essential you focus on the continuity of your SSL certificates. Prevention of their expiration by automating the whole process through SL360 can help with SSL monitoring and renew SSL certificates in 1 click.

Was this article helpful?