The ACF00184 and ACF68033 can be due to the PKCS12 certificate package password being encrypted using encryption id-sha256 OID that ACF2 currently does not support. A circumvention would be to import the certificate package into the browser keystore and export the personal certificate in a PKCS#12 (.PFX) format and when specifying the password select encryption TripleDES-SHA1 as show below, or request that a new package be created where the password encryption is TripleDES-SHA1.