How to renew SSL certificate on an Azure Cloud Service?

1)You upload the certificate to the Service Certificates section on the Windows Azure Portal - just as you did originally.

2) You modify the Service Configuration file to provide the thumbprint of the new certificate instead of the old one. This causes the certificate to be deployed to each instance.

3) You do an in-place upgrade or (use a VIP Swap) which causes IIS to start using the new certificate.

First you upload the new certificate using the Management Portal - go to Certificates tab of your cloud service.

Then if you believe in in-place reconfiguration (which I don't recommend for this scenario) you can go to Configure tab, scroll down to Certificates, change the thumbprint (you can get it from the Certificates tab) and click Save. Just don't forget to update your .cscfg files so that you have the changes preserved when you redeploy.

If you don't believe in in-place reconfiguration you'll have to change your .cscfg files and deploy your service into staging with the updated .cscfg and then do VIP swap and delete the previous deployment. This is what I recommend for this scenario because should anything go wrong with in-place reconfiguration you can experience service downtime.