Here is my cheat sheet so I can remember how to install an SSL certificate.
Create the Certificate Request
In Windows 7 from the Administrative Tools menu, start Internet Information Services (IIS) Manager. (Of course IIS needs to be installed on your computer. If it isn’t, open Programs and Features from Control Panel. Select Turn Windows features on or off. Under Web Management Tools, make sure that IIS Management Console is checked.)
In the Internet Information Services (IIS) Manager, double click on Server Certificates. On the right, click Create Certificate Request. Complete the request similar to this screen shot.
Select Microsoft RAS SChannel Cryptographic Provider and 2048 bit length.
On the final page, provide a file name. Make note of the folder where the text file will be created.
Submit the Request
I use NameCheap.com (good prices and good service). After purchasing the SSL, select Activate.
For the web server, select Microsoft Internet Information Server. Open the text file from the Certificate Request. Copy all of the text (including the BEGIN and END markers) and paste it in the “Enter CSR” box. Click Next.
Select the desired approver e-mail. Make sure that you (or someone that you notify) has access to this e-mail account.
For the Contact Info page, enter your e-mail address so that you will receive the certificate.
Approve the Request
When the approver e-mail arrives (which can take a few hours), you will need to click the link in the e-mail. Then on the web page, click the “Approve” button.
Downloading a Geotrust Certificate
The following steps are from https://knowledge.geotrust.com/support/knowledge-base/index?page=content&actp=CROSSLINK&id=SO15183
Access the GeoTrust User portal
Provide the common name, technical contact e-mail address associated with the SSL order, and the image number generated from the GeoTrust User Authentication page.
Select Request Access against the correct order ID.
An e-mail will be sent to the technical contact e-mail address specified above.
Click on the link listed in the e-mail to enter the User Portal.
Click “View Certificate Information”
Select PKCS7 from the drop down, save the p7s file to your server.
Note: The pkcs7 certificate is a certificate bundle that includes the SSL certificate file and any intermediates that are included in the certificate chain. The x509 certificate is the SSL certificate by itself as a single file.
Rename the mydomain.p7b (or mydomain.p7s) file to mydomain.cer.
Completing the Request in IIS
From the Internet Information Services (IIS) Manager, select Server Certificates. On the right under Actions, click Complete Certificate Request. Select the mydomain.cer file that you downloaded. Enter the Friendly name (this must match the one entered when you created the CSR in the first step). Example: www.mydomain.com
Due to a bug in IIS 6.1, you may receive an error saying that the Friendly name didn’t match. However if you refresh (press F5) in the Server Certificates window, you should see your new certificate.
Export to PFX
In IIS Manager’s Server Certificates, make sure that the new SSL certificate is selected. Under Actions on the right, click Export. Select a file name and make note of its location. Enter a password; write the password down if necessary.
Install the Certificate in Azure
Log into Azure and select your Cloud Service. Go to the Certificates tab. Click on Upload at the bottom of the page. Select your PFX file and enter your password. After a few seconds, the certificate should be appear in the list of certificates.
Point to the New Certificate
In the Azure portal, go to the Configure tab. Scroll down to the Certificates section. Copy the thumbprint retrieved above and paste it over the existing thumbprint. Click Save at the bottom of the page to apply your changes.
The server may or may not restart. If you get an error, you should manually restart the server.
Update the Certificate reference in Visual Studio
Open Visual Studio and open your solution. Expand the Azure project. Expand the Roles folder. Double click on the desired role. Select Certificates on the left. In the right column under Thumbprint, highlight the correct row and click on the ellipse on the right. Select the desired certificate.
For Azure App Service
After the new cert. has been downloaded, unzip the file and rename the p2b file to a .cer extension as outlined above. Then complete the certificate request in IIS and export to a .pfx file (with password). In the Azure portal, go to the SSL Settings page and, under Private Certificates, upload the file.
On the Bindings page, add two new bindings and use the new cert. Remove the old bindings and old cert when done. Reload the web site and verify the new expiration for the cert.