Exporting SSL Certificate to 3rd Parties


One of our 3rd party service provider wants us to create a certificate PFX file in order to host an application outside our network from xxx.companyname.com

What are the security risks about this? Can they acquire our private key, or can they use the certificate for any malicious activities?