Requested Extensions in CSR not being reflected in CRT

核能气质少年 submitted on 2019-12-13 17:15:02

Question


I have the following CSR:

Certificate Request:
Data:
    Version: 0 (0x0)
    Subject: C=US, CN=www.example.com
    Subject Public Key Info:
        Public Key Algorithm: id-ecPublicKey
            Public-Key: (256 bit)
            pub: 
                04:e5:1d:a3:b2:47:1b:7c:05:f3:f3:36:b6:b2:0f:
                79:27:0f:80:4c:39:1b:8c:6c:38:eb:43:f3:b4:33:
                f4:7a:c5:de:2c:f7:28:69:e5:d1:88:6b:41:6c:5f:
                b6:55:b5:2a:29:69:a4:da:fa:17:ac:6a:a0:5f:30:
                9d:07:55:4f:52
            ASN1 OID: prime256v1
            NIST CURVE: P-256
    Attributes:
    Requested Extensions:
        X509v3 Key Usage: critical
            Digital Signature, Key Encipherment
        X509v3 Extended Key Usage: 
            Code Signing
        X509v3 Basic Constraints: critical
            CA:FALSE
Signature Algorithm: ecdsa-with-SHA256
     30:45:02:21:00:b4:d8:73:e3:c0:2c:38:7d:44:c6:ed:c2:30:
     fb:0d:ca:99:74:fb:b9:2e:7e:72:d0:1a:6f:b5:89:8c:c2:e9:
     bd:02:20:45:91:99:3a:71:6c:f0:72:48:2f:c7:4c:93:d3:89:
     69:40:d1:b6:72:0f:e4:a9:2f:a8:cc:a5:3b:00:27:85:6d

But when I attempt to process the CSR:

openssl x509 -req -SHA256 -in [file].csr -CA ca.crt -CAkey ca.key -out [file].crt

I get the following certificate:

Certificate:
Data:
    Version: 1 (0x0)
    Serial Number:
        d8:2d:19:4b:d4:32:dc:0a
Signature Algorithm: ecdsa-with-SHA256
    Issuer: C=AU, ST=Some-State, O=Internet Widgits Pty Ltd
    Validity
        Not Before: Apr 29 00:31:04 2017 GMT
        Not After : May 29 00:31:04 2017 GMT
    Subject: C=US, CN=www.example.com
    Subject Public Key Info:
        Public Key Algorithm: id-ecPublicKey
            Public-Key: (256 bit)
            pub: 
                04:e5:1d:a3:b2:47:1b:7c:05:f3:f3:36:b6:b2:0f:
                79:27:0f:80:4c:39:1b:8c:6c:38:eb:43:f3:b4:33:
                f4:7a:c5:de:2c:f7:28:69:e5:d1:88:6b:41:6c:5f:
                b6:55:b5:2a:29:69:a4:da:fa:17:ac:6a:a0:5f:30:
                9d:07:55:4f:52
            ASN1 OID: prime256v1
            NIST CURVE: P-256
Signature Algorithm: ecdsa-with-SHA256
     30:45:02:21:00:97:a5:09:15:0b:fb:29:df:7b:59:8f:95:01:
     cd:81:04:a5:36:c2:c4:5d:fa:6f:f1:2f:72:c2:eb:7c:d1:92:
     2e:02:20:69:00:07:50:87:e5:a2:e9:a3:bf:a6:52:9c:80:df:
     b4:69:34:3f:e0:a9:09:75:f8:03:ce:46:1a:43:cf:a2:a9

So what the heck happened to the requested extensions that were in the CSR? What am I doing wrong?

tx! :-)

p.s. Stack Exchange didn't like this post because it said it was too much code and not enough text, so please ignore the rest of this because it is just filler text ...

Source: https://stackoverflow.com/questions/43690647/requested-extensions-in-csr-not-being-reflected-in-crt
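
A check that makes the gap in the post visible, as an added example that is not part of the original question: it lists the extensions a CSR requested that are missing from the issued certificate, working on `openssl req -text` and `openssl x509 -text` dumps. The function names `ext_names` and `missing_extensions` are hypothetical, and the sample dumps are abridged from the ones in the post.

```shell
#!/bin/sh
# Added example (not from the original post): compare the extensions a CSR
# requested with the extensions present in the issued certificate.

# Read an `openssl req -text` or `openssl x509 -text` dump on stdin and print
# one extension name per line. Names are the lines at the first indentation
# level under "Requested Extensions:" or "X509v3 extensions:".
ext_names() {
  awk '
    /Requested Extensions:|X509v3 extensions:/ { insec = 1; ind = -1; next }
    insec {
      n = match($0, /[^ ]/) - 1          # number of leading spaces
      if (ind < 0) ind = n               # indent of the first extension name
      if (n < ind) { insec = 0; next }   # dedent: the section is over
      if (n == ind) { sub(/^ +/, ""); sub(/: *(critical)? *$/, ""); print }
    }' | sort -u
}

# missing_extensions CSR_DUMP CERT_DUMP: names requested but absent from the cert.
missing_extensions() {
  issued=$(printf '%s\n' "$2" | ext_names)
  printf '%s\n' "$1" | ext_names | while IFS= read -r name; do
    printf '%s\n' "$issued" | grep -qxF -- "$name" || printf '%s\n' "$name"
  done
}

# Abridged from the two dumps in the post (key and signature bytes left out).
CSR_DUMP='Certificate Request:
Data:
    Version: 0 (0x0)
    Subject: C=US, CN=www.example.com
    Attributes:
    Requested Extensions:
        X509v3 Key Usage: critical
            Digital Signature, Key Encipherment
        X509v3 Extended Key Usage:
            Code Signing
        X509v3 Basic Constraints: critical
            CA:FALSE
Signature Algorithm: ecdsa-with-SHA256'
CERT_DUMP='Certificate:
Data:
    Version: 1 (0x0)
    Subject: C=US, CN=www.example.com
Signature Algorithm: ecdsa-with-SHA256'

missing_extensions "$CSR_DUMP" "$CERT_DUMP"
```

`openssl x509 -req` does not carry requested extensions over on its own; the signing side supplies them with `-extfile` and `-extensions`, or on OpenSSL 3.0 and later copies them with `-copy_extensions`. Copying is only safe when the CA vets the request first, since a CSR can just as easily ask for `CA:TRUE`.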
