Hello,

I am attempting to import a .pfx certificate to a partner profile. However, Trading Networks (TN) only accepts .der, .cer, or .p7b extensions. I attempted to use Windows Cert Manager to import the .pfx and export the Root, Intermediate, and Client certificates to DER encoded binary x.509 (.CER). However, when I attempted to export the private key, the option was greyed out with a note that stated the associated private key is marked as not exportable. I also tried various methods using OpenSSL to convert the .pfx to .der, .cer, or .p7b. Unfortunately, I have had no luck importing the converted file to TN (to a particular partner profile). I encountered various errors such as:

1. Certificate chain contains a single certificate, and that certificate is not self-signed: Even though I converted the whole chain to .cer/p7b and tried importing to sign/verify, encrypt/decrypt, and SSL.
2. Java Null pointer.
3. Cannot convert byte[][] to X509Certificate[], exception encountered at index 0. CertificateException encountered; Trading Networks cannot convert byte[] to java.security.cert.X509Certificat - Tried to import .cer that was exported from .pfx.

My end goal is to add the client certificate to the Partner profile.

Capture_certExport527×528 9.46 KB

Help is much appreciated.

Hello,
Looks like the key has been marked non-exportable. When generating the certificate, there’s a check mark that can be set to make it exportable.

Who’s pfx is this anyway? Yours? Or your partner’s?