I'm trying to generate a certificate for an intermediate-ca with openssl which is signed by my own root ca. The root ca certificate is v3, but when I try to generate a csr for the intermediate-ca, openssl always generates a v1 certificate, which is also not allowed to sign other certificates.
The commands I used to generate a signed certificate (for the intermediate ca):
openssl genrsa -aes256 –out key.pem 4096
openssl req -new –key key.pem –out request.csr -reqexts v3_ca -extensions v3_ca
openssl x509 –req –days 365 –in request.csr –CA ca-root.pem –CAkey ca-key.pem -CAcreateserial –out certificate.pem -sha512 -extensions v3_ca
I have the version OpenSSL 1.1.0f on Windows and I didn't changed my configuration file.
Thanks for your help!