doc: Spice up generated CA

Use AES (the successor of DES) to encrypt private key. Further
reading:

 * http://csrc.nist.gov/publications/nistpubs/800-131A/sp800-131A.pdf
 * https://ssllabs.com/downloads/SSL_TLS_Deployment_Best_Practices.pdf
   "3DES provides about 112 bits of security. This is below the
    recommended minimum of 128 bits, but it's still strong enough. A
    bigger practical problem is that 3DES is much slower than the
    alternatives. Thus, we don't recommend it for performance reasons,
    but it can be kept at the end of the cipher list for
    interoperability with very old clients."

 * http://csrc.nist.gov/publications/nistpubs/800-67-Rev1/SP-800-67-Rev1.pdf

Use SHA256 for our CA. This avoids accidental use of SHA1 or MD5 which
could be default values.

Signed-off-by: Lorenz Leutgeb <lorenz.leutgeb@gmail.com>

docs/sources/articles/https.md

@@ -30,14 +30,14 @@ First, initialize the CA serial file and generate CA private and public
 keys:
 
     $ echo 01 > ca.srl
-    $ openssl genrsa -des3 -out ca-key.pem 2048
+    $ openssl genrsa -aes256 -out ca-key.pem 2048
     Generating RSA private key, 2048 bit long modulus
     ......+++
     ...............+++
     e is 65537 (0x10001)
     Enter pass phrase for ca-key.pem:
     Verifying - Enter pass phrase for ca-key.pem:
-    $ openssl req -new -x509 -days 365 -key ca-key.pem -out ca.pem
+    $ openssl req -new -x509 -days 365 -key ca-key.pem -sha256 -out ca.pem
     Enter pass phrase for ca-key.pem:
      You are about to be asked to enter information that will be incorporated
      into your certificate request.