Re: Problems adding specific extensions to signed certificates

[Salz, Rich via openssl-users]

I think the mismatch is that CSR extensions are not carried over; they have to 
be added at signing time.
See https://github.com/openssl/openssl/issues/10458