Although SSL is supported by IIS, you have to get a server certificate before using it. A server certificate is an Authenticated ID for the server, which you can apply from a commercial Certificate Authority or a similar organization inside your company.
If you already have a certificate, then you need to install it onto the IIS Server. A certificate can only be installed to one site. After a certificate is installed, the client can request a URL starting with HTTPS:// to secure the connection.
Normally SSL will only be used when login is required. To force all requests secured by SSL, select Require SSL Channel in the directory security tab of the virtual directory properties dialog. But the trade-off between the performance and the security before doing so must be considered.