- Generate the CSR (Certificate Signing Request). An easy way to do that is https://www.digicert.com/easy-csr/openssl.htm
- Take the output of this page and run it in a Bash shell, or some place that you have access to the OpenSSL library. This will create a csr file and a key file.
- Buy the certificate. These guys have good prices: https://www.ssls.com
- As part of the checkout, it will ask you to type in the text of the CSR file generated by OpenSSL in Step 2 above.
- Not sure what to select when asked for Apache vs Windows. But selected Windows, and I got a .cer file. Support had to send me a .crt file instead.
- After verifying who you are, then will send you a .crt file.
- Use OpenSSL again to convert the .crt file and the .key file to a pfk
openssl pkcs12 -export -out myserver.pfx -inkey myserver.key -in myserver.crt
- Upload the resulting .pfx file to the server.
Some of this is taken from: https://azure.microsoft.com/en-us/documentation/articles/web-sites-configure-ssl-certificate/#bkmk_iismgr