If I use OpenSSL to create an X509 certificate that gets signed with a CA certificate and includes an X509v3 SAN (Subject Alternative Name) extension, the generated certificate contains the SAN extension twice, whereas if the certificate is self-signed the SAN extension appears only once (which I would consider correct).
Steps to reproduce:
$ openssl version
OpenSSL 1.0.2n 7 Dec 2017
$ openssl genrsa -out example.key 2048
$ openssl req -new -key example.key -out example.csr
# ... accept the certificate defaults, entering only "example.com" as Common Name
$ echo subjectAltName=DNS:example.com,DNS:www.example.com > example.cnf
$ openssl x509 -req -sha256 -days 7300 -text -extfile example.cnf \
-in example.csr -signkey example.key \
-CA ../ca.crt -CAkey ../ca.key -set_serial 01 \
-out example.crt
Afterwards, if I inspect the certificate, the section "X509v3 Subject Alternative Name" is printed twice:
$ openssl x509 -in example.crt -text -noout
...
X509v3 extensions:
X509v3 Subject Alternative Name:
DNS:example.com, DNS:www.example.com
X509v3 Subject Alternative Name:
DNS:example.com, DNS:www.example.com
...
This is not the case if no CA is used and the certificate gets self-signed via:
$ openssl x509 -req -sha256 -days 7300 -text -extfile example.cnf \
-in example.csr -signkey example.key \
-out example.crt
I can verify this behavior with OpenSSL 1.0.2n as well as OpenSSL 0.9.8zh.
Is this an OpenSSL bug or is there any valid explanation for this?
See answer of @dave_thompson_085: Using both -signkey and -CAkey does not make any sense and triggers this strange side-effect.
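As an added example (my own, not code from the question or from dave_thompson_085's answer): the full procedure from the question with -signkey dropped from the CA-signed step, followed by the two checks a practitioner would want afterwards, that the SAN extension appears exactly once and that the certificate actually verifies against the CA. The throw-away CA, the subjects and the file names are made up for this example; only standard openssl subcommands are used.

```shell
#!/bin/sh
# Added example, not part of the original question or answer.
# Signs a CSR with a throw-away CA using only -CA/-CAkey (no -signkey),
# then checks that the SAN extension appears exactly once and that the
# certificate chains to the CA. All names, subjects and files are made up.
set -eu

if ! command -v openssl >/dev/null 2>&1; then
    echo "openssl not found, skipping" >&2
    exit 0
fi

WORK=$(mktemp -d)
cd "$WORK"

# Throw-away CA: self-signed with -signkey, which is the one legitimate use
# of -signkey. The ext file marks it as a CA so "openssl verify" accepts it.
openssl genrsa -out ca.key 2048 2>/dev/null
openssl req -new -key ca.key -subj '/CN=Example Test CA' -out ca.csr 2>/dev/null
printf 'basicConstraints=critical,CA:TRUE\nkeyUsage=critical,keyCertSign,cRLSign\n' > ca.cnf
openssl x509 -req -sha256 -days 365 -extfile ca.cnf \
    -in ca.csr -signkey ca.key -out ca.crt 2>/dev/null

# Leaf key and CSR. The CSR carries no SAN; it comes from the ext file,
# exactly as in the question.
openssl genrsa -out example.key 2048 2>/dev/null
openssl req -new -key example.key -subj '/CN=example.com' -out example.csr 2>/dev/null
printf 'subjectAltName=DNS:example.com,DNS:www.example.com\n' > example.cnf

# Corrected signing command: the CA key signs, so -signkey is left out.
# -CAcreateserial replaces the hard-coded -set_serial 01 so repeated runs
# do not hand out the same serial number.
sign_with_ca() {
    openssl x509 -req -sha256 -days 365 -extfile example.cnf \
        -in example.csr -CA ca.crt -CAkey ca.key -CAcreateserial \
        -out "$1" 2>/dev/null
}

# Number of "X509v3 Subject Alternative Name" headings in a certificate;
# a correctly built certificate has exactly one.
san_count() {
    openssl x509 -in "$1" -noout -text | grep -c 'X509v3 Subject Alternative Name' || true
}

# Succeeds only if the certificate was really signed by the CA. A certificate
# that ended up signed with the leaf's own key fails here even though
# "openssl x509 -text" prints it without complaint.
verify_chain() {
    openssl verify -CAfile ca.crt "$1" >/dev/null 2>&1
}

sign_with_ca ca-signed.crt
echo "SAN extension count: $(san_count ca-signed.crt)"
if verify_chain ca-signed.crt; then
    echo "ca-signed.crt chains to ca.crt"
else
    echo "ca-signed.crt does NOT chain to ca.crt" >&2
    exit 1
fi
echo "Artifacts left in $WORK"
```

The -signkey option exists for self-signing only: it tells openssl x509 to sign the certificate with the key it is given. In the OpenSSL versions the question tests, giving -signkey together with -CA/-CAkey makes the tool perform both operations one after the other, and each pass appends the extensions from -extfile, which is where the second SAN comes from. Leaving -signkey out when a CA signs removes the duplicate, and the two checks above catch either mistake: a duplicated extension shows up as a count other than 1, and a certificate that was signed with the wrong key fails the chain verification.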