Why do the extension settings in my certificate request have no effect?

I customized an openssl.cnf and added several X.509 v3 extensions:

....
[ req ]
....
req_extensions = v3_req
....
[ v3_req ]
basicConstraints = CA:FALSE
keyUsage = nonRepudiation, digitalSignature, keyEncipherment
extendedKeyUsage = serverAuth,codeSigning
....

I generate the certificate request with the following command:
openssl req -new -key /tmp/server.key -out /tmp/cert.req -config /tmp/openssl.cnf

Inspecting the certificate request confirms that it already includes the extensions:
openssl req -text -in /tmp/cert.req

Certificate Request:
    Data:
        Version: 0 (0x0)
        Subject: C=c1, ST=bj, L=bj, O=test, OU=test, CN=test
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
            RSA Public Key: (1024 bit)
                Modulus (1024 bit):
                    00:bb:f4:fc:0c:08:0b:78:69:6e:32:c0:27:14:29:
                    14:2a:03:8e:f3:89:5c:8f:10:f9:90:e3:7d:55:e4:
                    01:d7:54:73:0d:c6:8f:d0:33:24:a3:bd:88:5b:91:
                    42:f7:b2:bb:41:53:ab:ed:bf:f7:d1:66:56:10:4b:
                    c4:f9:fa:24:17:5d:90:54:39:4c:75:a2:47:5b:56:
                    9d:86:e3:d6:87:d6:65:54:f9:83:72:ac:15:e1:e3:
                    80:33:0d:2d:2d:b9:ca:5b:cd:7c:43:b8:6c:18:2b:
                    a9:d9:90:0a:c6:08:8b:8e:d0:38:b4:6a:e4:17:53:
                    5a:3d:8d:63:67:5f:ae:9b:4d
                Exponent: 65537 (0x10001)
        Attributes:
        Requested Extensions:
            X509v3 Basic Constraints: 
                CA:FALSE
            X509v3 Key Usage: 
                Digital Signature, Non Repudiation, Key Encipherment
            X509v3 Extended Key Usage: 
                TLS Web Server Authentication, Code Signing
    Signature Algorithm: md5WithRSAEncryption
        3a:b3:d6:36:c4:ea:dd:d2:81:4e:78:bc:41:5d:bc:6d:6a:26:
        27:15:1d:1f:e2:12:28:ea:2a:bc:fe:6b:67:07:eb:c9:55:ff:
        a3:63:18:00:36:f5:ea:51:a0:12:73:2f:dd:78:61:69:67:ba:
        f6:c7:01:10:af:89:bf:d7:f9:c8:dc:0e:90:eb:b5:5e:01:d6:
        07:5b:22:af:03:ec:0b:d1:46:26:e8:4c:15:5d:c0:02:58:7c:
        50:5a:bc:0c:74:0f:cb:48:e5:72:06:b6:01:72:9a:a6:ba:52:
        4f:05:aa:ab:dd:ff:6a:ab:66:eb:63:6e:f0:8d:44:d8:26:67:
        1a:6f

I generate the certificate as follows:
openssl x509 -req -CA /tmp/cacert.pem -CAkey /tmp/cakey.pem -passin pass:"rootca" -CAcreateserial -CAserial /tmp/ca.srl -days 90 -in /tmp/cert.req -sha1 -out /tmp/server.crt

But the generated certificate does not contain the extensions I specified in the certificate request. Why is that?
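
An added example, not part of the original question: `openssl x509 -req` does not copy the extensions requested in a CSR by default, so the script below signs the same kind of request twice, once with the command shape from the question and once passing the `v3_req` section through `-extfile`/`-extensions`, and prints the resulting Extended Key Usage. The temp directory, throwaway CA, subjects and key sizes are constructed for the demo.

```shell
#!/bin/sh
# Constructed demo: temp dir, key files, subjects and the test CA are made up.
# 2048-bit keys and -sha256 are used here instead of the 1024-bit/-sha1 above.
sign_csr() {   # $1: "plain" = signing command as in the question, "extfile" = with extensions
    mode=$1
    d=$(mktemp -d) || return 1
    cat > "$d/openssl.cnf" <<'EOF'
[ req ]
distinguished_name = dn
req_extensions = v3_req
prompt = no
[ dn ]
CN = test
[ v3_req ]
basicConstraints = CA:FALSE
keyUsage = nonRepudiation, digitalSignature, keyEncipherment
extendedKeyUsage = serverAuth,codeSigning
EOF
    openssl genrsa -out "$d/cakey.pem" 2048 2>/dev/null
    openssl genrsa -out "$d/server.key" 2048 2>/dev/null
    # Throwaway self-signed CA, then the CSR carrying the requested extensions.
    openssl req -x509 -new -key "$d/cakey.pem" -subj "/CN=Constructed Test CA" \
        -days 1 -config "$d/openssl.cnf" -out "$d/cacert.pem"
    openssl req -new -key "$d/server.key" -config "$d/openssl.cnf" -out "$d/cert.req"
    # x509 -req does not read extensions out of the CSR by default; they must be
    # handed to the signing step from a config section.
    if [ "$mode" = extfile ]; then
        set -- -extfile "$d/openssl.cnf" -extensions v3_req
    else
        set --
    fi
    openssl x509 -req -CA "$d/cacert.pem" -CAkey "$d/cakey.pem" -CAcreateserial \
        -CAserial "$d/ca.srl" -days 90 -in "$d/cert.req" -sha256 "$@" \
        -out "$d/server.crt" 2>/dev/null
    openssl x509 -in "$d/server.crt" -noout -text
    rm -rf "$d"
}

for m in plain extfile; do
    echo "== $m =="
    sign_csr "$m" | grep -A1 'X509v3 Extended Key Usage' || echo "(no Extended Key Usage)"
done
```

On OpenSSL 3.0 and later, `-copy_extensions copy` on `openssl x509 -req` takes the extensions from the request itself. Copying lets the requester choose what ends up in the certificate, so the signer should inspect the CSR before using it.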