Here is my CSR config that I use to generate the CSR file:
[ req ]
distinguished_name = req_distinguished_name
req_extensions = v3_req
prompt = no
[ req_distinguished_name ]
organizationName = SomeCompany
emailAddress = [email protected]
[ v3_req ]
basicConstraints = CA:FALSE
keyUsage = digitalSignature, keyEncipherment
extendedKeyUsage = clientAuth
subjectAltName = @sans
[sans]
otherName.0 = 1.3.6.1.4.1.99999.1.1;UTF8:DeviceSerialNumber=SN123456789
Command:
openssl req -new -key device/device.key -out device/device.csr -config device-csr.conf -extensions v3_req
Here is the v3_sign.conf I use to generate the certificate based on the CSR:
[ v3_sign ]
basicConstraints = CA:FALSE
keyUsage = digitalSignature, keyEncipherment
extendedKeyUsage = clientAuth
subjectAltName = @sans
[ sans ]
# This copies specific entries from the CSR if present
otherName.0 = copy
openssl x509 -req -in device/device.csr -CA ca/ca.crt -CAkey ca/ca.key -CAcreateserial -out device/device.crt -days 7 -extfile v3_sign.conf -extensions v3_sig
What I want to achieve is to generate a certificate based on the CSR, which will include the otherName extension with the value provided in the CSR. I don't want to hardcode this value in v3_sign.conf; I would like it to be copied from the CSR.
However I'm getting the following error:
x509: Error on line 9 of config file "v3_sign.conf"
40B7BF54F4790000:error:07000065:configuration file routines:def_load_bio:missing equal sign:../crypto/conf/conf_def.c:530:HERE-->:copyline 9
and I'm not sure why. When I call openssl with -copy_extensions without specifying a config file, it works; however, I want to copy only the extensions that I allow and which are specified in the config.
Upvotes: 0
Views: 14
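One way to copy only allow-listed otherName values is for the signing script to build the `[ sans ]` section per request from values it has validated, instead of relying on a static extfile. This is an added example, not code from the post or from OpenSSL. It assumes the DER value of the CSR's subjectAltName extension has already been extracted; `ALLOWED_OTHERNAMES`, `sans_section` and the serial-number pattern are hypothetical.

```python
import re

# Assumed policy: otherName type OID -> pattern its UTF8 value must fully match.
ALLOWED_OTHERNAMES = {
    "1.3.6.1.4.1.99999.1.1": re.compile(r"DeviceSerialNumber=[A-Za-z0-9]{1,32}"),
}

def read_tlv(buf, pos):  # -> (tag, value, next_pos) for the DER element at pos
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long-form length
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER")
    return tag, buf[pos:pos + length], pos + length

def oid_to_text(body):
    arcs, acc = [], 0
    for b in body:  # base-128 digits, high bit marks continuation
        acc = (acc << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs, acc = arcs + [acc], 0
    first = min(arcs[0] // 40, 2)
    return ".".join(map(str, [first, arcs[0] - 40 * first] + arcs[1:]))

def sans_section(san_der):
    """Return [sans] lines for allow-listed otherName entries; drop the rest."""
    tag, names, _ = read_tlv(san_der, 0)
    if tag != 0x30:
        raise ValueError("GeneralNames SEQUENCE expected")
    lines, pos = [], 0
    while pos < len(names):
        tag, body, pos = read_tlv(names, pos)
        if tag != 0xA0:  # dNSName, email, ...: never copied
            continue
        t1, oid, nxt = read_tlv(body, 0)
        t2, wrapped, _ = read_tlv(body, nxt)
        t3, raw, _ = read_tlv(wrapped, 0)
        if (t1, t2, t3) != (0x06, 0xA0, 0x0C) or not oid:  # OID, [0], UTF8String
            continue
        name, text = oid_to_text(oid), raw.decode("utf-8", "replace")
        rule = ALLOWED_OTHERNAMES.get(name)
        if rule and rule.fullmatch(text):  # strict match keeps config syntax out
            lines.append(f"otherName.{len(lines)} = {name};UTF8:{text}")
    return lines

# Constructed sample SAN: the post's otherName plus a dNSName that must be dropped.
SAMPLE_SAN = (bytes.fromhex("303ea02e060a2b06010401868d1f0101a0200c1e")
              + b"DeviceSerialNumber=SN123456789" + bytes.fromhex("820c") + b"host.example")
```

The returned lines go under `[ sans ]` in the extfile passed to `openssl x509 -req -extfile`; entries whose OID is not allow-listed, or whose value does not match the pattern, never reach the certificate.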