cp -p /var/lib/pki/pki-ca1/ca/profiles/ca/caServerCert.cfg /var/lib/pki/pki-ca1/ca/profiles/ca/caServerCert.cfg.orig
vim /var/lib/pki/pki-ca1/ca/profiles/ca/caServerCert.cfg
...snip...
policyset.serverCertSet.list=1,2,3,4,5,6,7,8,pp
...snip...
policyset.serverCertSet.pp.constraint.class_id=extensionConstraintImpl
policyset.serverCertSet.pp.constraint.params.extOID=1.3.6.1.4.1.34380.1.1.13
policyset.serverCertSet.pp.constraint.params.extCritical=false
policyset.serverCertSet.pp.default.class_id=userExtensionDefaultImpl
policyset.serverCertSet.pp.default.params.userExtOID=1.3.6.1.4.1.34380.1.1.13
policyset.serverCertSet.pp.default.params.userExtCritical=false
restart the CA and apply a CSR to the modified profile that has a user supplied extension for that OID, and a value, they should then appear in the X509v3 extensions of the issued certificate