In addition to Microsoft Azure subscription, you will need a computer with OpenSSL or Microsoft IIS installed for this procedure to succeed. You can also use this guide to export a certificate into another instance of IIS.
openssl req -newkey rsa:2048 -nodes
openssl pkcs12 -export -out pfxfile.pfx -inkey yourprivatekey.pem -in yourservercert.cer -certfile teliarootbunch.cer.
certutil.exe -dump tiedoto.pfx. The pfx file should contain your server certificate with status "Encryption test passed" and the chain of Telia Root Certificates named TeliaSonera Server CA v2, TeliaSonera Root CA v1 and Sonera Class 2 CA. Naturally the root certificates do not have their private keys included.