Trouble with Installing a GoDaddy SSL Certificate
I'm trying to install a GoDaddy certificate for SSL and am running into a problem. First in the IIS Manager, there is no export option available, and certmgr will not export to the pfx format (which the Azure portal requires). I tried exporting to a CER file and then wrote a console application to convert it to a pfx file. Attempting to upload the result to the Azure portal failed as the portal requires a password.
Adding a password via the console application conversion lets me upload to my hosted service successfully. However, deploying results in the following error:
Error Creating New Deployment
Error creating deployment for hosted service '[MY_SERVICE_NAME]'
Certificate with thumbprint [THUMBPRINT_HERE] associated with HTTPS input endpoint Endpoint1 does not contain private key.
Has anyone had luck with adding a GoDaddy certificate for SSL? Is there a way to upload a certificate to my service without a password (looks like this used to be the case)? Anyone have suggestions?
February 25th, 2011 1:38pm
Certificates are used in two different ways in Azure: as Service Certificates for SSL and as Management Certificates for the Service Management API. The former should be provided by a Certificate Authority such as GoDaddy while the latter can be self-signed.
Windows Azure installs a service certificate on all roles of the service where its installation has been configured through the Service Definition file and the Service Configuration file. Windows Azure does not deploy management certificates on any instance of the service. The only time you would need to upload a management certificate as a service certificate as well is if you intend to use the Service Management API from inside your instance - at which point you do need access to the certificate from the local instance.
I didn't have any problem using a GoDaddy certificate for SSL. I used IIS to create and complete the request. I then exported the certificate as a PFX file from the Local Machine level of the My Certificate Store. If memory serves you can also export it as a password-protected PFX file directly from IIS after you complete the request.
February 25th, 2011 7:09pm
Thanks for your help Neil! Yes, I'm using the certificate for SSL. I deleted my certificate, rekeyed, and tried again. Now the certificate is available to export from IIS. It all works now. Not sure what I did differently...
Of course one problem solved always seems to lead to another question... Is it still the case that if you have multiple certificates for multiple domains, you can't configure multiple port 443 endpoints for each certificate and then use multiple bindings to map each endpoint to different hostheaders? For example:
<Sites>
  <Site name="Web">
    <Bindings>
      <Binding name="Endpoint1" endpointName="Endpoint1" />
      <Binding name="Endpoint2" endpointName="Endpoint2" hostHeader="www.site1.com" />
      <Binding name="Endpoint3" endpointName="Endpoint3" hostHeader="www.site2.com" />
    </Bindings>
  </Site>
</Sites>
<Endpoints>
  <InputEndpoint name="Endpoint1" protocol="http" port="80" />
  <InputEndpoint name="Endpoint2" protocol="https" port="443" certificate="www.site1.com" />
  <InputEndpoint name="Endpoint3" protocol="https" port="443" certificate="www.site2.com" />
</Endpoints>
<Certificates>
  <Certificate name="www.site1.com" storeLocation="LocalMachine" storeName="My" />
  <Certificate name="www.site2.com" storeLocation="LocalMachine" storeName="My" />
</Certificates>
I've seen this post, but I thought I should check to see if things have changed since then.
Thanks!
February 25th, 2011 11:14pm
-- Is it still the case that if you have multiple certificates for multiple domains, you can't configure multiple port 443 endpoints for each certificate and then use multiple bindings to map each endpoint to different hostheaders?
Yes. Dominick Baier indicates on this Azure forum thread that this is an SSL issue not an Azure issue.
February 26th, 2011 1:08am
Thanks again Neil! Got it.
February 26th, 2011 2:03am
If you do not do the IIS "Create Certificate Request" and "Complete Certificate Request" from the same machine, you will not have the option of exporting from IIS or exporting to PFX from Certificate Manager.
That was my problem. I did these two steps from two different machines.
May 1st, 2013 6:19pm
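Added example, not part of the original thread: a PowerShell check that a certificate in LocalMachine\My still has its private key before it is exported to a password-protected PFX, which is the condition behind the "does not contain private key" deployment error above. It assumes Windows 8 / Server 2012 or later (for Export-PfxCertificate) and an elevated prompt; the thumbprint argument and output path are placeholders supplied by the reader.

```powershell
# Added example: placeholder thumbprint and output path, not values from the thread.
param(
    [Parameter(Mandatory)] [string] $Thumbprint,
    [string] $OutFile = "$env:TEMP\service-cert.pfx"
)

# Thumbprints copied from the certificate UI often carry spaces or hidden characters.
$normalized = ($Thumbprint -replace '[^0-9A-Fa-f]', '').ToUpperInvariant()

$cert = Get-ChildItem -Path Cert:\LocalMachine\My |
    Where-Object { $_.Thumbprint -eq $normalized } |
    Select-Object -First 1

if (-not $cert) {
    throw "No certificate with thumbprint $normalized in LocalMachine\My."
}

# The private key exists only on the machine that generated the request.
# A certificate completed or imported elsewhere (for example from a .cer file)
# has the public part only, and a PFX built from it is rejected at deployment.
if (-not $cert.HasPrivateKey) {
    throw "Certificate $normalized has no private key on this machine. " +
          "Complete the request on the machine that created it, or rekey."
}

$password = Read-Host -Prompt 'PFX password' -AsSecureString

# Fails with an error if the key was created as non-exportable.
Export-PfxCertificate -Cert $cert -FilePath $OutFile -Password $password | Out-Null

# Reload the file and confirm the private key made it into the PFX.
$check = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2(
    $OutFile, $password)
if (-not $check.HasPrivateKey) {
    throw "Exported file $OutFile does not contain a private key."
}

"{0} exported to {1} with private key (subject: {2})" -f `
    $check.Thumbprint, $OutFile, $check.Subject
```

The resulting PFX contains the private key, so delete it once it has been uploaded and keep the password out of scripts and source control.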