> From: Michael Leone [mailto:turgon@xxxxxxxxxxxxxx] > Sent: Friday, February 07, 2020 11:55 > > How is that this works for everyone else, and not me? :-) It doesn't. I just reviewed this whole note stream, and realized you're using "openssl req" to create the certificate, rather than "openssl ca", according to your first note. openssl req doesn't respect copy_extensions, because it doesn't use a CA-section in the configuration file. To accomplish what you want, you'll have to use openssl ca. There are a number of walkthroughs online for setting that up. -- Michael Wojcik Distinguished Engineer, Micro Focus
