Description
When we generate a new certificate, we create it with X509v3 extensions and configure the CA:TRUE constraint to mark it as CA.
X509v3 extensions: X509v3 Subject Key Identifier: 3D:5F:7F:2D:FE:0F:B2:75:60:73:1F:23:5B:A2:CC:23:B6:69:31:4D X509v3 Authority Key Identifier: keyid:3D:5F:7F:2D:FE:0F:B2:75:60:73:1F:23:5B:A2:CC:23:B6:69:31:4D X509v3 Basic Constraints: CA:TRUE
When the certificate is renewed, it seems to be completely missing the X509v3 extension. While it do not seem to cause any issues, it could be confusing and it would be better if the renewed certificate looked the same as before the renewal.