CA-related commands

Description

Add commands to help obtain CA-validated HTTPS certificates.

Tasks

  • Implementation:
    • Create a command to regenerate the TLS keypair, CSR and certificate, leaving the old ones in a backup folder (regenerate-tls-keys).
    • Create a Certificate Request (CSR) with the generated TLS keypair, ready for the case of getting a CA-validated HTTPS certificate (generate-csr). Then, if the Operator decides to purchase a certificate, only the resulting cert PEM bundle needs to be installed, everything else being already set. Originally at #66 (closed). This is implemented, but depends on onionmine#38 (closed). However, since regenerate-tls-keys was implemented, this command became redundant. Details are in the implementation notes.
    • Create a command to prove .onion ownership that can support many procedures in the future. Initially, only onion-csr nonce-based ownership-proof needs to be supported, through Onionmine.
    • Always generate a CSR when creating the self-signed certificate.
    • Make sure the required underlying commands are implemented in Onionmine (onionmine#38 (closed)).
    • Add new commands into CI.
  • Documentation update, including:
    • ChangeLog.
    • Tutorial.
    • Demonstration.
    • Using Onionspray.
    • Command syntax.
    • HTTPS certificates.
    • Upcoming general HTTPS docs (since this command generates the self-signed cert and other needed files for TLS/HTTPS).

Time estimation

  • Complexity: small (1 day)
  • Uncertainty: low (x1.1)
  • Reference (adapted)
Edited Oct 02, 2025 by Silvio Rhatto