adding TLS support to our network

Actually TLS is still SSL. The so called difference is in the version. E.g. TLS v1.0 is actually SSLv3.1, TLS v1.1 and v1.2 are SSL v3.2 and v3.3 respectively. I believe when you mentioned stop using SSL, it means not to use the vulnerable SSL version. As of current, wesk cipher of SSLv3.0 and below should minimally be disabled and go for current use of SSLv3.3 (TLSv1.2).
https://technet.microsoft.com/en-us/library/dn786446.aspx

In that case, you should enable the TLS 1.2 as required. I suggest iiscrypto tool that can help set Windows SChannel registries to do above mentioned.
https://www.nartac.com/Blog/post/2013/04/19/IIS-Crypto-Explained.aspx

Also if need be to request for a certificate to support TLS 1.2 or otherwise minimally TLSv1.0 due to service that can support at that lower version only...like Exchange server which most say the lower version is more stable.
So have make a new request from the web server e.g. IIS make give that Cert Service request to your internal CA or.3rd party CA to generate the certificate needed to refurnish.

we are running Windows 2012 server with exchange server v2010. we have an Ssl certificate issued by rapid, which is about 2 years old.

we need to secure our browsers to work with an external 3rd party website who are the ones informing us that we need to make sure we can communicate with them using TLS, rather than Ssl.

does that help?

thanks

Browsers that are being aged/edged out IE 8 which has sslv3 and tls1.0 support many have started phasing out sslv3 support on their server through registry on Windows schannel/crypto OpenSSL.conf config changes !sslv3.... On Linux/Unix systems.

so many good, helpful answers. Many thanks to all.