Hi Frank.
How was your .pfx generated? From what I understand, the PKCS12 standard kind of requires an encryption password.
Some interesting general reading can be had here: bugzilla.mozilla.org/show_bug.cgi
You might find it easier in the long run to export the certificate from the original source with an encryption password if you have the opportunity...
Best of luck.
Phil.