This is confusing enough that it warrants a post so you don't waste a bunch of time, as the documentation is confusing. If you have the evil grayed out "Export to PFX" experience, this post will save you.

The most important thing is to use IIS for everything.

Okay, so let's get started. First, you create your certificate in GoDaddy. Then, you need to generate a CSR and provide it to GoDaddy. You do that in IIS Manager. Hit WINDOWS+R and type iismanager.

Next, click "Server Certificates" and select "Create Certificate Request" on the left. When filling this out, be sure that the common name you choose is the same as your domain. Also be sure to change the dropdown to 2048 bit length.

Once you generate the CSR, you copy/paste the contents for GoDaddy. They'll then generate a .zip file you download for IIS.

Here's the crux. Once you download the .zip file, it will contain a .crt file and a .p7b file. You go back to IIS Manager and choose "Complete Certificate Request."

(Do not try to directly import the files returned by GoDaddy or else you won't be able to later export the private key and you will enter a world of pain and suffering until you realize your mistake, but you are reading this blog post, so you either already went awry, or I saved you.)

When you click "Complete Certificate Request", it will be looking for a .cer file. But you can change the dropdown and give it your .crt file. Ha! Once you do that, you finish the import. You'll then see your cert in IIS Manager. At this point, you can right click it and hit "Export" and it will let you export a .pfx with a password. Yeah!

At that point, you upload the .pfx to Azure and bind it to your service. And, if you want to redirect all http to https, you'll need to modify your web.config as follows, adding this as the first rule in your web.config: