this command works in my F5:
openssl pkcs12 -export -in /config/filestore/files_d/Common_d/certificate_d/\:Common\:wildcard_demo.local.crt_47284_1 -inkey /config/filestore/files_d/Common_d/certificate_key_d/\:Common\:wildcard_demo.local.key_47282_1 -keypbe PBE-SHA1-3DES -certpbe PBE-SHA1-3DES -out /var/tmp/democert.p12 -certfile /config/filestore/files_d/Common_d/certificate_d/\:Common\:DEMO_CA.crt_47294_1
or
openssl pkcs12 -export -in /config/filestore/files_d/Common_d/certificate_d/\:Common\:wildcard_demo.local.crt_47284_1 -inkey /config/filestore/files_d/Common_d/certificate_key_d/\:Common\:wildcard_demo.local.key_47282_1 -certpbe AES-256-CBC -keypbe AES-256-CBC -out /var/tmp/democert.p12 -certfile /config/filestore/files_d/Common_d/certificate_d/\:Common\:DEMO_CA.crt_47294_1
NOTE: If you do not specify explicitly specify the certpbe and keypbe algorithm this version defaults to using pbewithSHAAnd40BitRC2-CBC to protect the certificate and pbeWithSHAAnd3-KeyTripleDES-CBC to protect the key.
RC2 was designed in 1987 and has been considered weak for a very long time. 3DES is still considered by many to offer 112-bits of security though in 2015 it is clearly not an algorithm that should still be in use.
Source : http://unmitigatedrisk.com/?p=543
Cirrus
