Reading @ https://www.openssl.org/docs/manmaster/apps/pkcs12.html "By default the private key is encrypted using triple DES and the certificate using 40 bit RC2." which clearly implies, with RC2 disabled (it is), that'll cause a problem in default config. Adding the options openssl pkcs12 -export \ >>> -descert fixes the problem, insofar as no error's caused on export. Would code to enable/use "-descert" as default cert, in the case of RC2 disabled, be called for? Or, perhaps with RC2 considered 'weak' these days, worhtwhile to make "-descert" the default?
