I am trying to setup endpoints for Azure.
I was given an .p7b file but I need a .pfx file with private key for Azure.
Is there a way to convert my .p7b to .pfx?
Ok, here is a rundown on the whole Azure SSL certificate rigmarole. I've done this with GoDaddy (and more than a bit of help from one of their knowledgeable tech support guys). Also note that I've done this on Windows 8 Pro; your experience might be slightly different and/or your mileage may vary ;-)
Pay your money to a CA (Certificate Authority) to buy an SSL certificate.
Create CSR (Certificate Signing Request)
Now you need to create a CSR , which is text that you must supply to the CA in order for them to create your certificate. The CSR contains a couple of pieces of information:
You create the CSR locally on your PC using IIS Manager. Note: IIS is included with Windows, but is not installed by default. [I'll leave the details of installing IIS as an exercise for the student. Maybe some kind person will edit this answer and fill in those details.]
EDIT: rather than installing IIS on your local machine, you can RDP into the cloud service in Azure (very easy to do) and use IIS on that machine to create the CSR and Complete the Signing Request. If you do this, be sure to do this entire process in one sitting. If you generate the CSR and then wait to complete the request till sometime later, the cloud service may not be on the same machine and you won't have the "Export" option in IIS.
To create a CSR:
To create CSR - you can also refer the detailed steps at godaddy site. quite helpful.
Now, go back to your CA's website and find the online tool that lets you create the certificate that you purchased. The first thing it will want you to do is to paste (or upload) the CSR text. After you jump through your CA's hoops, you will receive one or more certificate files back from them.
Install certificate files into IIS
GoDaddy gives you two files: a p7b file and a crt file.
The crt file contains your public certificate. But you can't (yet) upload it to your web hosting provider because it doesn't include the associated private key. The web host needs the private key as well as the public key because it will be doing end-to-end encryption on your behalf.
The p7b file contains the certificates that comprise the "certificate chain" that allows your certificate to be verified up to your CA. In other words, when someone comes to your website and gets your certificate that claims that your website is run by Acme.com, this certificate chain lets that person's browser verify that your CA vouches for your identity. We'll get back to this file later...
Now you need to combine your public certificate with your private key and store the result in a password-protected pfk file.
Get back into IIS Manager on the same machine that created the CSR, navigate back to the Server Certificates page, and click on Complete Certificate Request (in the Actions pane on the right side of the screen).
To install the certificates into IIS, these detailed steps from godaddy site help may be helpful.
Get the pfx file
You should now see your new certificate listed on the Server Certificates page in IIS Manager. Select that certificate and export it as a pfx file (via the Actions pane on the right side of the screen).
Now you can go to https://manage.windowsazure.com (the Windows Azure management portal), select your website or cloud service, and upload the pfx file to the Azure certificate store.
Whew. Good luck...
EDIT
The above instructions only deal with installing the SSL certificate in your Azure web role, but not the intermediate certificates (i.e. the "certificate chain"). This works for most clients (browsers) because most browsers have the intermediate certificates for major CAs baked into them. In other words, the browsers know how to get from your SSL certificate up to the CA that issued it. But some clients require that the website itself publish not only the SSL certificate but also all of the intermediate certificates.
See this SO answer for details on how to do this.