Less obvious fake TLS certificate generation

This patch adds the following:
 * Pre-defined CA certificate subjects
 * Pre-defined popular website domain names
 * Fake certificate generation for pre-defined popular website domain signed by fake CA with pre-defined subject

It should look less suspicious than "example.com" certificates

src/lib/opensslVerify/openssl.cnf

@@ -1,5 +1,5 @@
 [ req ]
-prompt = no
+prompt = yes
 default_bits        = 2048
 default_keyfile     = server-key.pem
 distinguished_name  = subject
@@ -32,8 +32,8 @@ authorityKeyIdentifier  = keyid,issuer
 
 basicConstraints        = CA:FALSE
 keyUsage                = digitalSignature, keyEncipherment
+extendedKeyUsage        = clientAuth, serverAuth
 subjectAltName          = @alternate_names
-nsComment               = "OpenSSL Generated Certificate"
 
 # RFC 5280, Section 4.2.1.12 makes EKU optional
 # CA/Browser Baseline Requirements, Appendix (B)(3)(G) makes me confused
@@ -46,8 +46,8 @@ subjectKeyIdentifier    = hash
 
 basicConstraints        = CA:FALSE
 keyUsage                = digitalSignature, keyEncipherment
+extendedKeyUsage        = clientAuth, serverAuth
 subjectAltName          = @alternate_names
-nsComment               = "OpenSSL Generated Certificate"
 
 # RFC 5280, Section 4.2.1.12 makes EKU optional
 # CA/Browser Baseline Requirements, Appendix (B)(3)(G) makes me confused
@@ -55,16 +55,5 @@ nsComment               = "OpenSSL Generated Certificate"
 
 [ alternate_names ]
 
-DNS.1       = example.com
-DNS.2       = www.example.com
-DNS.3       = mail.example.com
-DNS.4       = ftp.example.com
-
-# Add these if you need them. But usually you don't want them or
-#   need them in production. You may need them for development.
-# DNS.5       = localhost
-# DNS.6       = localhost.localdomain
-# DNS.7       = 127.0.0.1
-
-# IPv6 localhost
-# DNS.8     = ::1
+DNS.1       = $ENV::CN
+DNS.2       = www.$ENV::CN