We use IIS to create the CSR and to complete the Certificate Request.
We use the Computer Certificates MMC to export that certificate to .PFX.
When exporting with the intent to import the .PFX into Azure we run the following steps:
- Open the Computer Certificates MMC
- Navigate into the Personal –> Certificates store
- Right click on the newly acquired certificate and click All Tasks –> Export
- Click Next on the Welcome to the Certificate Export Wizard
- Choose to export the Private Key
- Choose the Include all certificates… and Export all extended properties options
- Set a password and choose the Encryption: TripleDES-SHA1 setting
- Set a Path for the .PFX file
- The file _must_ have the following structure: FileName.PFX
- In the Azure Portal click on the web site then TLS/SSL settings in the left hand column
- Click on Private Key Certificates (.pfx)
- Click on Upload Certificate
- Choose the local .PFX file
- Set the password
- Once done, click on Bindings
- Click on the site to change its certificate
- Select the newly uploaded certificate under the Private Certificate Thumbprint dropdown list
- Click the Add Binding button
Note that the Azure Portal tends to change a bit over time so the above instructions are as of this writing.