Hi,
I’m trying to create a signed certificate from a CA certificate without
creating a CSR first. From the doc, I came up with this command:
```
openssl req -CA ca.crt -CAkey ca.key -key leaf.key -subj ‘/CN=leaf’ -out
leaf.crt
```
However,
```
openssl x509 -in leaf.crt -text -noout
```
reports that it contains:
```
X509v3 Basic Constraints: critical
CA:TRUE
```
Which should be incorrect, since leaf.crt has an issuer and is not a CA.
I wonder if this is by design? Is there a way to omit the basic constraints
extension in a leaf certificate?
I’m using 3.0.1.
Regards,
Glen
