Basic Constraints in CSRs

[ChristianBrandenburg]

Is your feature request related to a problem? Please describe.
I am trying to setup keyvault-acmebot with a custom CA (GlobalSign Atlas). Adding the Atlas endpoint is not a problem, but issuance of certificates fail due to OID 2.5.29.19/Basic Constraints being present in CSRs generated by keyvault-acmebot

Describe the solution you'd like
I would like CSRs not to be generated with OID 2.5.29.19/Basic Constraints. CA's usually ignore Basic Constraints (and Key usage extensions) in the CSRs they receive because they have to be added by CA's themselves according to their certificate profiles.

[shibayan]

I don't know much about CSR, so I'm using the default values generated by Key Vault, but I don't understand what will improve and what the impact will be with this proposal.