Updates to best practice for certificate generation

[JamesGibo]

Changes:

• Correct formatting
• Manufacturer Client cert expiry date - notAfter date set undefined
  • EST server should support this value
  • Should the EST server also ignore the validity date? Not likely to be support for this by default
• EST Client - Lack of stable time source
  • Should ignore certificate validity of EST Server during certificate provisioning
  • eg. allow it to communicate with the EST Server while the client does not have a stable time source
• EST Client Serial Number
  • Include in the manufacturer client cert
  • Include in th CSR sent to EST server - may not be used by EST server at the moment
• Fallback procedure if EST Client fails to renew cert
  • Should carry on using existing cert and retry
• Source of entropy definition