@sebastian-roth Thanks for the suggestion, those commands are handy. I ran --recreate-CA alone & with --recreate-keys and just got a newer version of that same strange cert. I’m looking into it now but I believe someone may have customized the openssl.cnf file on our template, and something with that may be causing this behavior.