Per OpenSSL PKI Tutorial and its sample configuration file, a code-signing certificate is also an option that would complete spki.
All that should be required is making an intermediate with some variation of:
extendedKeyUsage = serverAuth, clientAuth, codeSigning
Per OpenSSL PKI Tutorial and its sample configuration file, a code-signing certificate is also an option that would complete spki.
All that should be required is making an intermediate with some variation of:
extendedKeyUsage = serverAuth, clientAuth, codeSigning