Hi,
when your client to generate the PFX he had to protect the PFX with a password (it's a best practice), especially since the PFX contain your private key. So you don't have to enter a random password but you have to asked to your customer the password that he configured/entered during PFX generation.
More You may also be asked for the private key password if there is one!
Just for information, when you create a pfx using openssl for example you use this kind of command (create the pkcs12 file that will contain your private key and the certification chain):
openssl pkcs12 -export -inkey your_private_key.key -in result.pem -name my_name -out final_result.pfx
You will be asked to define an encryption password for the archive (it is mandatory to be able to import the file in IIS for example).
Regards,