Fix HTTPS testing for stricter OpenSSL

* testenv/certs/README: Amend cert creation extensions
* testenv/certs/ca-cert.pem: Created without OCSP signing purpose

Having the OCSP signing purpose set made newer versions of OpenSSL
fail due to stricter checking. Test version of OpenSSL was 1.1.0e.

testenv/certs/README

@@ -30,11 +30,11 @@ Enter a dnsName of the subject of the certificate:
 Enter a URI of the subject of the certificate:
 Enter the IP address of the subject of the certificate:
 Enter the e-mail of the subject of the certificate:
+Will the certificate be used to sign OCSP requests? (y/N):
+Will the certificate be used to sign code? (y/N):
+Will the certificate be used for time stamping? (y/N):
 Will the certificate be used to sign other certificates? (y/N): y
 Will the certificate be used to sign CRLs? (y/N): y
-Will the certificate be used to sign code? (y/N):
-Will the certificate be used to sign OCSP requests? (y/N): y
-Will the certificate be used for time stamping? (y/N):
 Enter the URI of the CRL distribution point:
 
 

testenv/certs/ca-cert.pem

@@ -1,20 +1,19 @@
 -----BEGIN CERTIFICATE-----
-MIIDPjCCAiagAwIBAgIIVGI7SyiXCDUwDQYJKoZIhvcNAQELBQAwMDERMA8GA1UE
-AxMIR05VIFdnZXQxDTALBgNVBAsTBFdnZXQxDDAKBgNVBAoTA0dOVTAiGA8yMDE0
-MTExMTE2MzczM1oYDzk5OTkxMjMxMjM1OTU5WjAwMREwDwYDVQQDEwhHTlUgV2dl
-dDENMAsGA1UECxMEV2dldDEMMAoGA1UEChMDR05VMIIBIjANBgkqhkiG9w0BAQEF
-AAOCAQ8AMIIBCgKCAQEAv2IR1/gsaJsn+egtVFbMMMbivK+eVzPY8wEXb2flpe9a
-Kkwz824nSSrWfRigQmf/ODkNlK2x91kppfPmWkClUREQB3I4d/sHFnzqCkFKmNwt
-VT4DsL47VumgZF6ZjSqTYQD3MDH3VhFj1iKrRMM/aCZXwntD+67sKw6UPXfFbfUO
-Recpb7fCZPZFVFYStxgcF7cyH+DADLX5QCEjiLYH1es6FXrdw+ypgwBl+HuLkQ/4
-gE0JLQK5PAKSYeLy0JEBUPovkMXT+r9aPkQBF/9WD6uUPia0ERHbMIT0My84hBrG
-9d5u5gXPnH1ZxKIr8iJOYCydVjYndn21zs2IExwL6wIDAQABo1gwVjAPBgNVHRMB
-Af8EBTADAQH/MBMGA1UdJQQMMAoGCCsGAQUFBwMJMA8GA1UdDwEB/wQFAwMHBgAw
-HQYDVR0OBBYEFPM+TjiESqm+wW/HYaNQ2m4pi+tUMA0GCSqGSIb3DQEBCwUAA4IB
-AQCWKV1Txo3xytRSO1PwWK9ce5FhvQW9mubuuWmbEnQt9JaOhO1Og6ZmdPDlAQeo
-m0CJZZ0VNeodoBXPGopy3VyzF4ZzUR9leGk3sb1qTSoDCvJd/zLrfukHKugtwuK0
-b1fPnEjBjQ6gQI21coc1tmyX8Qsm7of5n+Ji601WG+FiVmmdEsCjmA/eAvwSbu1E
-cAVH476KUt4CrpVPQQVqzFPDz8i4iw/P+Jo+iNmL5S72OG2GfkSJq3XkUYa509W6
-N+8c3p4y0q/PcQ92s1OIHyEPZFRFhm4xw0sHkhD2KVoHseHZjCoYn4/lIzMPnJ6v
-EfZUJQXndeJnffbthaUp8Ea2
+MIIDJzCCAg+gAwIBAgIIWRQ9uws3g5owDQYJKoZIhvcNAQELBQAwMDERMA8GA1UE
+AxMIR05VIFdnZXQxDTALBgNVBAsTBFdnZXQxDDAKBgNVBAoTA0dOVTAgFw0xNzA1
+MTExMDMyMzdaGA85OTk5MTIzMTIzNTk1OVowMDERMA8GA1UEAxMIR05VIFdnZXQx
+DTALBgNVBAsTBFdnZXQxDDAKBgNVBAoTA0dOVTCCASIwDQYJKoZIhvcNAQEBBQAD
+ggEPADCCAQoCggEBAL9iEdf4LGibJ/noLVRWzDDG4ryvnlcz2PMBF29n5aXvWipM
+M/NuJ0kq1n0YoEJn/zg5DZStsfdZKaXz5lpApVEREAdyOHf7BxZ86gpBSpjcLVU+
+A7C+O1bpoGRemY0qk2EA9zAx91YRY9Yiq0TDP2gmV8J7Q/uu7CsOlD13xW31DkXn
+KW+3wmT2RVRWErcYHBe3Mh/gwAy1+UAhI4i2B9XrOhV63cPsqYMAZfh7i5EP+IBN
+CS0CuTwCkmHi8tCRAVD6L5DF0/q/Wj5EARf/Vg+rlD4mtBER2zCE9DMvOIQaxvXe
+buYFz5x9WcSiK/IiTmAsnVY2J3Z9tc7NiBMcC+sCAwEAAaNDMEEwDwYDVR0TAQH/
+BAUwAwEB/zAPBgNVHQ8BAf8EBQMDBwYAMB0GA1UdDgQWBBTzPk44hEqpvsFvx2Gj
+UNpuKYvrVDANBgkqhkiG9w0BAQsFAAOCAQEAAsAugT64gwFMMtwDJo5r3/f9sMPA
+lWi1N7Nz8LjBa6Vqrk/3No3Fxxidb3IMO5RGecgZdGV/CL5lG7yjzgVB2ADx+68K
+TmcNEO4CDja5vDyRpG7NPGmhtc48iiOsnEhhWCw084S2rUKf7hAX3+yKg63Uwuik
+C0xHT6HwbrWcmWFQAQOqucPWEwzGRMjqn++3cHAG8XlNSL8tWIr7NmTKr7yufLPC
+HcDAVgJsBHTOWgs/Casq4EovO83hgustD6rAWJOf89DP6bB2yOPEHKVq6cBsuGDM
+F+V2Cr2ytyGPHrOCfH3IzCpQ45cxZX4TaJ7tgV9x7WlMLoNaZgo1ijsKOw==
 -----END CERTIFICATE-----