Subject Alternative Name is not copied to signed certificate

The copy_extensions directive is only understood by the openssl ca command. There is no way to copy extensions from a CSR to the certificate with the openssl x509 command.

Instead, you should specify the exact extensions you want as part of the openssl x509 command, using the same directives you used for openssl req.

Sorry, I can't comment (yet).

In addition to @frasertweedale :

I generated my server-certificate with a config file

openssl req -new -out certificate.csr -key certificate_private_key.pem -sha256 -days 1825 -config certificate.conf 

I then did

Instead, you should specify the exact extensions you want as part of the OpenSSL x509 command, using the same directives you used for OpenSSL req.

with the following command (I used the same .conf-file again):

openssl x509 -req -in certificate.csr -CA ca-root-public-certificate.pem -CAkey ca-key.pem -CAcreateserial -out certificate_public.pem -sha256 -days 1825 -extfile certificate.conf -extensions v3_req

There is a good documentation here : Certificates

You will need to compose an openssl conf file while creating a x509 cert request like this:

create CSR

openssl req -new -key server.key -out server.csr -config csr.conf

sign CERT

openssl x509 -req -in server.csr -CA ca.crt -CAkey ca.key -CAcreateserial -out server.crt -days 10000 -extensions v3_ext -extfile csr.conf