Certificate Assistant swaps extension settings for CA / Users

certificate, keychain, security

I am trying to set up a Root Certificate Authority using Keychain Access/Certificate Assistant but I am running into some trouble.

When creating the authority the assistant asks you to enter Key Usage and Extended Key Usage extension settings for both the CA itself and the users of it. However, upon completion of the certificate this seems to have been swapped around. So the CA itself seems to have the settings that were entered for the users of the CA.

For demonstration purpose, I have made some screenshots of setting up a Test CA:

[screenshot: Certificate Assistant settings for the Test CA]

This setup will yield the certificate seen below:

As you can see, the values for the key usage and extended key usage extensions come from the values entered for the users of this CA, while the values for the basic constraints and subject alternate name seem to be taken correctly from the values entered for the CA itself.

Now I have a few questions about this:

  • Is this a bug in Certificate Assistant and are the extensions 2 & 3 below incorrectly taken from the assistant? (If so I will have to use OpenSSL)
  • If not, what is the reason the certificate would show default values it uses for certificates it will issue? And in that case, does the Key Usage field at No. 1 below represent the correct values entered for the CA?
  • Do the user values entered for those 2 extensions affect the issued certificates in any way? (If the defaults for the issued certificate are changed). The reason I ask this is because I have read somewhere that the key usage extension sets defaults for issued certificates while the extended key usage extension sets restrictions for issued certificates.

[screenshot: the resulting Test CA certificate, extensions numbered 1 to 3]

Best Answer

So I've been looking into this further and from what I read here and there, I am pretty sure that it is not supposed to be doing this. I have reported this bug to Apple and if I ever get an answer from them I will update this post.

If anyone with the same problem finds this post, this is the temporary solution I used:

  1. Create the certificate authority and for any extension that gives you two screens enter the same values in both. Those should be the values you want on the certificate itself.
  2. When done, go to ~/Library/Application Support/Certificate Authority/[ca name] and edit the template file there for the values you actually wanted to enter into the second screen of every extension.
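Whichever way the CA certificate was produced (straight from Certificate Assistant or from the edited template), it is worth checking the exported certificate for the swap described above. The check below is an added example, not code from the original question or answer; it assumes the third-party `cryptography` package, and the two "Test CA" certificates it builds are constructed samples rather than Certificate Assistant output.

```python
# Added check, not from the original post; assumes the third-party 'cryptography' package.
import datetime
from cryptography import x509
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric import ec
from cryptography.x509.oid import ExtendedKeyUsageOID, NameOID

# Assumed list of EKU purposes that belong on the certificates a CA issues, not on the CA.
END_ENTITY_EKUS = {ExtendedKeyUsageOID.SERVER_AUTH, ExtendedKeyUsageOID.CLIENT_AUTH,
                   ExtendedKeyUsageOID.EMAIL_PROTECTION}

def check_ca_extensions(cert: x509.Certificate) -> list[str]:
    """Return findings that suggest the users' settings landed on the CA certificate;
    an empty list means basicConstraints, keyUsage and EKU look like a CA's."""
    findings, exts = [], cert.extensions
    try:
        if not exts.get_extension_for_class(x509.BasicConstraints).value.ca:
            findings.append("basicConstraints is CA:FALSE")
    except x509.ExtensionNotFound:
        findings.append("basicConstraints missing")
    try:
        if not exts.get_extension_for_class(x509.KeyUsage).value.key_cert_sign:
            findings.append("keyUsage lacks keyCertSign")
    except x509.ExtensionNotFound:
        findings.append("keyUsage missing")
    try:
        if END_ENTITY_EKUS & set(exts.get_extension_for_class(x509.ExtendedKeyUsage).value):
            findings.append("extendedKeyUsage carries end-entity purposes")
    except x509.ExtensionNotFound:
        pass  # a CA certificate without an EKU extension is the normal case
    return findings

def make_sample_ca(swapped: bool) -> x509.Certificate:
    """Constructed self-signed 'Test CA'; swapped=True mimics the reported behaviour."""
    key = ec.generate_private_key(ec.SECP256R1())
    name = x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, "Test CA")])
    now = datetime.datetime.now(datetime.timezone.utc)
    # Correct CA: keyCertSign + cRLSign. Swapped: the users' digitalSignature + keyEncipherment.
    ku = x509.KeyUsage(digital_signature=True, content_commitment=False, key_encipherment=swapped,
                       data_encipherment=False, key_agreement=False, key_cert_sign=not swapped,
                       crl_sign=not swapped, encipher_only=False, decipher_only=False)
    builder = (x509.CertificateBuilder().subject_name(name).issuer_name(name)
               .public_key(key.public_key()).serial_number(x509.random_serial_number())
               .not_valid_before(now).not_valid_after(now + datetime.timedelta(days=365))
               .add_extension(x509.BasicConstraints(ca=True, path_length=None), critical=True)
               .add_extension(ku, critical=True))
    if swapped:  # the users' EKU values showing up on the CA, as in the screenshots
        builder = builder.add_extension(x509.ExtendedKeyUsage(
            [ExtendedKeyUsageOID.SERVER_AUTH, ExtendedKeyUsageOID.CLIENT_AUTH]), critical=False)
    return builder.sign(key, hashes.SHA256())
```

For a certificate exported from Keychain Access as PEM, load it with `x509.load_pem_x509_certificate(open("ca.pem", "rb").read())` and pass the result to `check_ca_extensions`.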