Certificates without private keys will generally be delivered to you by your trading partners. These certificates need only to be imported into MOVEit Automation (through the SSL Certificates dialog) to be used as "Partner" certificates in AS Hosts.
There are several ways to obtain a certificate with a private key to be used as "My Organization" certificates in AS Hosts:
Purchase a commercial "client certificate" from Thawte, Verisign or one of the many other commercial CA vendors. If there is any chance that your AS partners will be requiring trusted CAs as well as specific certificates in AS transactions, this option may be the safest route. (Sometimes these certificates are also known as "email certificates" because they may also be used with SMIME-encrypted email.)
Get a new certificate from your corporate CA. If your company is already issuing client certificates and acting as its own CA, your certificate group should be able to provide you with a certificate and instructions on how to use it.
Obtain a certificate (with private key) from your partner. Some partners will deliver a *.pfx (or other format) certificate-with-private-key file before you start trading. In this case you will need to import this certificate (with the proper password) through the MOVEit Automation SSL Certificates dialog.
Create your own certificate.
In any case, you can import a certificate, or create a new one, using the MOVEit Automation Cert/Key Manager.
After you have imported your own certificate with private key (MOVEit Automation calls these My Certs or Private Certs), the good news is that you can usually use the same cert to sign and encrypt traffic for multiple partners. In other words, you will generally only have one or a few certs with private keys, no matter how many partner certs (without private keys) you may collect.