Remove Issuer/Serial from AKI in certutil/certgen (elastic/x-pack-elasticsearch#3931)

The Issuer and Serial number are optional and can cause problems with
chain validation when using OpenSSL based tools

relates elastic/x-pack-elasticsearch#3915

Original commit: elastic/x-pack-elasticsearch@defcdd934f

plugin/core/src/main/java/org/elasticsearch/xpack/core/ssl/CertUtils.java

@@ -459,11 +459,10 @@ public class CertUtils {
                 throw new IllegalArgumentException("ca certificate is not a CA!");
             }
             issuer = X500Name.getInstance(caCert.getIssuerX500Principal().getEncoded());
-            authorityKeyIdentifier = extUtils.createAuthorityKeyIdentifier(caCert);
+            authorityKeyIdentifier = extUtils.createAuthorityKeyIdentifier(caCert.getPublicKey());
         } else {
             issuer = subject;
-            authorityKeyIdentifier =
+            authorityKeyIdentifier = extUtils.createAuthorityKeyIdentifier(keyPair.getPublic());
-                    extUtils.createAuthorityKeyIdentifier(keyPair.getPublic(), new X500Principal(issuer.toString()), serial);
         }
 
         JcaX509v3CertificateBuilder builder =