Do you consider your website secure after installing an SSL certificate on it? Well, a website with an SSL certificate is definitely more secure compared to a website without one. However, SSL is just a foundation that provides an encrypted channel between the server where the website is hosted, and website visitors. There is a number of possible attack vectors, and simple SSL installation can’t mitigate an attack, that’s why additional effort to ensure security is required from a certificate administrator.
These articles contain step-by-step guides for security enhancements a certificate administrator may apply in Windows Server environment, specifically for IIS 8.5, though most of the features described are also applicable for IIS 8, IIS 7.5 and IIS 7.0

• HTTP to HTTPS redirection
• HTTP Strict Transport Security(HSTS)
• HTTP Public Key Pinning (HPKP)
• Disabling SSLv3
• Disabling RC4
• Disabling SHA-1
• Cipher Suites Configuration (and forcing Perfect Forward Secrecy)
• OCSP Stapling