Hi,

"TLS Web Client Authentication" - okay, it's a client

X509v3 Key Usage: Digital Signature

not okay - this cert isn't being used for just a signature - I expect OpenSSL > 1.0.2 is now doing the right thing and not being happy with the presented cert being used for more than its assigned task.

alan