<InputEndpoint name="Endpoint1" protocol="http" port="80" />

create#create-a-new-self-signed-certificate
$cert = New-SelfSignedCertificate -DnsName yourdomain.chinacloudapp.cn -CertStoreLocation "cert:\LocalMachine\My" -KeyLength 2048 -KeySpec "KeyExchange"
$password = ConvertTo-SecureString -String "your-password" -Force -AsPlainText
Export-PfxCertificate -Cert $cert -FilePath ".\my-cert-file.pfx" -Password $password

<?xml version="1.0" encoding="utf-8"?>
<ServiceDefinition name="AzureCloudService1" xmlns="http://schemas.microsoft.com/ServiceHosting/2008/10/ServiceDefinition" schemaVersion="2015-04.2.6">
    <WebRole name="WebRole2" vmsize="Standard_D1_v2">
        <Sites>
            <Site name="Web">
                <Bindings>
                    <Binding name="Endpoint1" endpointName="Endpoint1" />
                    <Binding name="HttpsIn" endpointName="HttpsIn" />
                </Bindings>
            </Site>
        </Sites>
        <ConfigurationSettings>
            <Setting name="Microsoft.WindowsAzure.Plugins.Diagnostics.ConnectionString"/>
        </ConfigurationSettings>
        <Endpoints>
            <InputEndpoint name="Endpoint1" protocol="http" port="80" />
            <InputEndpoint name="HttpsIn" protocol="https" port="443"
             certificate="SampleCertificate" />
        </Endpoints>
        <Imports>
            <Import moduleName="RemoteAccess" />
            <Import moduleName="RemoteForwarder" />
        </Imports>
        <Certificates>
            <Certificate name="SampleCertificate"
                        storeLocation="LocalMachine"
                        storeName="My"
                        permissionLevel="limitedOrElevated" />
            <!-- IMPORTANT! Unless your certificate is either
        self-signed or signed directly by the CA root, you
        must include all the intermediate certificates
        here. You must list them here, even if they are
        not bound to any endpoints. Failing to list any of
        the intermediate certificates may cause hard-to-reproduce
        interoperability problems on some clients.-->
            <!--<Certificate name="CAForSampleCertificate"
                        storeLocation="LocalMachine"
                        storeName="CA"
                        permissionLevel="limitedOrElevated" />-->
        </Certificates>
    </WebRole>
</ServiceDefinition>

<?xml version="1.0" encoding="utf-8"?>
<ServiceConfiguration serviceName="AzureCloudService1" xmlns="http://schemas.microsoft.com/ServiceHosting/2008/10/ServiceConfiguration" osFamily="6" osVersion="*" schemaVersion="2015-04.2.6">
    <Role name="WebRole2">
        <Instances count="1" />
    
    ... ...
    
        <Certificates>
            <Certificate name="Microsoft.WindowsAzure.Plugins.RemoteAccess.PasswordEncryption" thumbprint="B8E0XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXD6D8" thumbprintAlgorithm="sha1" />
            <Certificate name="SampleCertificate"
              thumbprint="deb8bff5ced1e43e0723cdf9857b6a6ca1d793b2"
              thumbprintAlgorithm="sha1" />
        </Certificates>
    </Role>
</ServiceConfiguration>