SSL between elastic nodes is failing

Thanks for the information.
We have used certgen tool to create csr then the certificates are signed by our organization. Does the certgen tool has some option to specify extended key usage while creating csr or we need to take care of extended key usage while signing csr and creating certificate?