Just adding my comments from aerogear-dev. Making the passphrase optional defeats the purpose of security. I don't even get why those services need a certificate if they skip the bare minimum.
I totally understand that those services allow it and that the PKCS12 spec also allows it, and that security vs. usability can be hard. But if we're willing to do it, let's make sure that we are warning our users about the possible issues.