getting no subject alternative name present exception when the csr shows that the SANs are present

I am trying to setup ssl for grpc but no matter what I try I get a no subject alternative name present. I’ve verified the SANs are in the certificate signing request. The common name and also a SAN are the ip addr. I am trying to connect using the ipAddr. The exception I get is

Caused by: java.security.cert.CertificateException: No subject alternative names present     at java.base/sun.security.util.HostnameChecker.matchIP(HostnameChecker.java:137)     at java.base/sun.security.util.HostnameChecker.match(HostnameChecker.java:96) 

The text of my csr follows:

sysadmin@rit5 san]$   openssl req -in my.csr -noout -text     Certificate Request: Data:     Version: 0 (0x0)     Subject: C=US, ST=TX, L=Austin, O=MYCOMPANY, OU=MYUNIT, CN=172.28.4.89     Subject Public Key Info:         Public Key Algorithm: rsaEncryption             Public-Key: (2048 bit)             Modulus:                 00:b9:1d:0c:80:ee:b3:20:06:df:6e:f1:04:e5:10:                 54:5d:70:07:fd:68:25:33:12:37:73:98:45:8b:35:                 ba:cf:9b:7c:63:82:0a:e2:16:0d:33:36:10:dd:b5:                 f9:21:da:04:8c:18:15:77:e2:65:72:e8:c9:6e:01:                 dc:47:48:53:ce:45:c9:a9:f1:9d:d0:0f:a7:cb:d5:                 5b:55:eb:b4:38:cb:50:5d:51:c2:bb:65:f6:76:09:                 76:8d:34:0a:c6:35:95:e3:0f:8f:71:be:73:22:78:                 84:26:4f:5e:d3:6a:2c:69:b4:57:e1:fc:37:47:e6:                 56:80:6c:bf:7a:97:78:20:17:22:d0:fc:c6:0c:17:                 0b:dc:23:8f:0e:8a:cb:48:6d:a6:0c:ce:4b:24:54:                 66:82:d0:29:dd:bf:5b:5f:cd:b8:f3:2f:3a:40:09:                 cd:84:6c:2f:74:60:74:e2:3a:13:b9:2e:5c:df:39:                 a3:47:07:96:5a:ed:be:14:71:42:58:6b:53:77:a2:                 af:0a:6d:c3:57:ba:e0:95:ed:55:78:2f:21:cc:af:                 95:e7:de:50:3d:7d:7e:29:4e:ed:bf:9e:14:36:0e:                 71:a3:e4:79:03:12:cd:55:c3:77:00:0f:02:2d:d1:                 e6:2f:a5:b0:3e:62:76:4e:bd:2a:33:56:76:8f:8d:                 2f:b5             Exponent: 65537 (0x10001)     Attributes:     Requested Extensions:         X509v3 Key Usage:              Key Encipherment, Data Encipherment         X509v3 Extended Key Usage:              TLS Web Server Authentication         X509v3 Subject Alternative Name:              DNS:172.28.4.89, DNS:rit5.mycompany.com, DNS:rit5 Signature Algorithm: sha512WithRSAEncryption      17:18:63:dc:d9:84:90:da:de:b6:8e:82:ce:84:6a:a3:5d:11:      87:37:2b:e7:56:6e:e5:ea:42:11:4c:8f:66:28:8b:44:4f:0a:      b9:89:d9:67:86:f4:0f:8a:44:b8:b2:87:62:65:c2:9c:7a:08:      bf:74:4a:b3:f4:35:82:45:50:7f:3f:ab:c4:97:60:59:99:8c:      8e:8b:12:0f:3b:dd:2a:6d:a9:be:06:8a:70:e7:e6:08:22:57:      89:e8:c0:86:f1:26:dc:23:08:aa:ab:2f:07:0d:0b:78:0b:3d:      d9:ce:ac:92:32:80:81:18:25:17:d4:04:22:e2:f9:f2:96:b1:      be:76:96:0c:70:39:cf:64:d3:7d:66:b9:f8:b5:20:18:17:66:      a4:f8:26:a7:02:42:0e:9f:6f:1e:4c:19:1d:d5:19:7b:17:0c:      64:45:34:d0:12:af:e1:8e:9d:e1:ce:84:49:54:87:78:c9:ba:      10:f0:65:5b:0e:f4:4f:3f:91:de:cc:46:36:fa:45:ff:0d:7a:      a4:c7:9b:b7:82:f6:b0:3b:c4:f3:9f:45:94:43:a8:ad:ae:e2:      e2:a2:66:59:d1:5e:b2:ee:a6:55:90:27:4c:57:c8:04:4b:30:      bd:02:bf:e5:3e:7c:b1:c6:0f:04:50:f5:96:76:37:bb:ed:7a:      ba:3c:7c:07 

The config file I used to create the csr and key is here

[req] distinguished_name = req_distinguished_name req_extensions = v3_req prompt = no  [req_distinguished_name] C = US ST = TX L = Austin O = MYCOMPANY OU = MYUNIT CN = 172.28.4.89  [v3_req] keyUsage = keyEncipherment, dataEncipherment extendedKeyUsage = serverAuth subjectAltName = @alt_names [alt_names] DNS.1 = 172.28.4.89 DNS.2 = rit5.mycompany.com DNS.3 = rit5 

To generate the csr I used the following command

openssl req -new -out my.csr -newkey rsa:2048 -nodes -sha512 -keyout my-private-key.pem -config ssl.ext 

To self sign it used the following command

 openssl x509 \         -signkey my-private-key.pem \         -in my.csr \         -req -days 365 -out my-public-key-cert.pem 

I’m at my wits end. Any help would be appreciated. The certificate is generated without the SANs.

Certificate:     Data:         Version: 1 (0x0)         Serial Number:             c7:af:ad:c2:98:be:7b:c1     Signature Algorithm: sha256WithRSAEncryption         Issuer: C=US, ST=TX, L=Austin, O=MYCOMPANY, OU=MYUNIT, CN=172.28.4.89         Validity             Not Before: Jun  5 20:26:00 2020 GMT             Not After : Jun  5 20:26:00 2021 GMT         Subject: C=US, ST=TX, L=Austin, O=MYCOMPANY, OU=MYUNIT, CN=172.28.4.89         Subject Public Key Info:             Public Key Algorithm: rsaEncryption                 Public-Key: (2048 bit)                 Modulus:                     00:b9:1d:0c:80:ee:b3:20:06:df:6e:f1:04:e5:10:                     54:5d:70:07:fd:68:25:33:12:37:73:98:45:8b:35:                     ba:cf:9b:7c:63:82:0a:e2:16:0d:33:36:10:dd:b5:                     f9:21:da:04:8c:18:15:77:e2:65:72:e8:c9:6e:01: