Importing .pfx cert to a partner profile(sign/verify, encrypty/decrypt and SSL)

Hello,

I am attempting to import a .pfx certificate to a partner profile. However, Trading Networks (TN) only accepts .der, .cer, or .p7b extensions. I attempted to use Windows Cert Manager to import the .pfx and export the Root, Intermediate, and Client certificates to DER encoded binary x.509 (.CER). However, when I attempted to export the private key, the option was greyed out with a note that stated the associated private key is marked as not exportable. I also tried various methods using OpenSSL to convert the .pfx to .der, .cer, or .p7b. Unfortunately, I have had no luck importing the converted file to TN (to a particular partner profile). I encountered various errors such as:

  1. Certificate chain contains a single certificate, and that certificate is not self-signed: Even though I converted the whole chain to .cer/p7b and tried importing to sign/verify, encrypt/decrypt, and SSL.
  2. Java Null pointer.
  3. Cannot convert byte[][] to X509Certificate[], exception encountered at index 0. CertificateException encountered; Trading Networks cannot convert byte[] to java.security.cert.X509Certificat - Tried to import .cer that was exported from .pfx.

My end goal is to add the client certificate to the Partner profile.

Help is much appreciated.

Hello,
Looks like the key has been marked non-exportable. When generating the certificate, there’s a check mark that can be set to make it exportable.

Who’s pfx is this anyway? Yours? Or your partner’s?