    ovs-pki: Add uniqueness to CA certs · 496d0fe5
    Justin Pettit authored
    When ovs-pki is used for CA cert generation, it generates certificates
    that are identical except for the public key.  If multiple controllers are
    their own certificate authorities, the switch will receive multiple CA
    certs that are identical other than their key.  Unfortunately, OpenSSL
    cannot distinguish between them.  This is an excerpt of the
    SSL_CTX_load_verify_locations function used by vconn-ssl:
    
        Certificate matching is done based on the subject name, the key
        identifier (if present), and the serial number as taken from the
        certificate to be verified. If these data do not match, the next
        certificate will be tried. If a first certificate matching the
        parameters is found, the verification process will be performed; no
        other certificates for the same parameters will be searched in case of
        failure.
    
    To work around this, we add a bit of uniqueness to each certificate.  In
    this commit, we add the generation time to the subject name.  Please note
    that the CN field is limited to 64 bytes, so a bit of name compression
    needed to take place in order to fit the time.
    
    Bug #1782
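The commit describes two things: a subject-name-keyed CA lookup that cannot tell apart CA certificates with identical subjects, and the fix of putting the generation time into the CN while staying inside the 64-byte CN limit. The following POSIX shell script is an added example of mine, not ovs-pki's own code, that shows both. Assumptions: the CN layout `OVS <type> CA Certificate (<time>)`, the `%Y %b %d %T` time format, the `O=Open vSwitch` field, the fixed serial number, and truncating the type name as the "name compression" strategy are all my choices made to mirror the description; the commit does not specify them.

```shell
#!/bin/sh
# Added example (not from ovs-pki): CA subject uniqueness via a timestamp in the CN,
# the 64-byte CN limit, and why identical CA subjects are ambiguous for a lookup
# keyed on the subject name. CN layout, time format and truncation are assumptions.

CN_MAX=64   # RFC 5280 ub-common-name; openssl req refuses a longer CN

# Byte length of a string: the ASN.1 limit is in bytes, not characters.
byte_len() { printf '%s' "$1" | wc -c | tr -d ' \n'; }

# make_ca_cn TYPE [TIME]: CN with the generation time appended for uniqueness.
# TIME defaults to now; pass it explicitly to get reproducible output.
make_ca_cn() {
    mc_type=$1
    mc_time=${2:-$(date +"%Y %b %d %T")}
    printf 'OVS %s CA Certificate (%s)' "$mc_type" "$mc_time"
}

# cn_fits CN: succeeds if CN fits in CN_MAX bytes.
cn_fits() { [ "$(byte_len "$1")" -le "$CN_MAX" ]; }

# fit_cn TYPE TIME: shorten TYPE (assumed compression strategy) until the whole
# CN fits, keeping the time, which carries the uniqueness, intact.
fit_cn() {
    fc_type=$1
    fc_cn=$(make_ca_cn "$fc_type" "$2")
    while [ "$(byte_len "$fc_cn")" -gt "$CN_MAX" ] && [ -n "$fc_type" ]; do
        fc_type=${fc_type%?}                # drop one trailing character
        fc_cn=$(make_ca_cn "$fc_type" "$2")
    done
    printf '%s' "$fc_cn"
}

# make_self_signed DIR NAME CN: self-signed CA with a fixed serial, so that only
# the subject name (and the key) distinguishes two CAs, as in the old ovs-pki.
make_self_signed() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 365 -set_serial 1 \
        -keyout "$1/$2-key.pem" -out "$1/$2-cert.pem" \
        -subj "/O=Open vSwitch/CN=$3" 2>/dev/null
}

# count_same_subject DIR REF: number of CA certs in DIR whose subject equals
# REF's. A subject-name-keyed lookup can only return one of them, so a count
# above 1 means the trust store is ambiguous.
count_same_subject() {
    cs_ref=$(openssl x509 -noout -subject -in "$2")
    cs_n=0
    for cs_f in "$1"/*-cert.pem; do
        if [ "$(openssl x509 -noout -subject -in "$cs_f")" = "$cs_ref" ]; then
            cs_n=$((cs_n + 1))
        fi
    done
    echo "$cs_n"
}

# build_stores DIR: two controllers each acting as their own CA, once with the
# old identical subject and once with constructed, distinct generation times.
build_stores() {
    mkdir -p "$1/old" "$1/new"
    make_self_signed "$1/old" ctl1 'OVS controller CA Certificate'
    make_self_signed "$1/old" ctl2 'OVS controller CA Certificate'
    make_self_signed "$1/new" ctl1 "$(make_ca_cn controller '2009 Jun 03 10:15:22')"
    make_self_signed "$1/new" ctl2 "$(make_ca_cn controller '2009 Jun 03 10:15:23')"
}

if command -v openssl >/dev/null 2>&1; then
    d=$(mktemp -d)
    build_stores "$d"
    echo "old-style store: $(count_same_subject "$d/old" "$d/old/ctl1-cert.pem") CA certs share ctl1's subject"
    echo "timestamped store: $(count_same_subject "$d/new" "$d/new/ctl1-cert.pem") CA cert shares ctl1's subject"
    rm -rf "$d"
fi
```

Two points worth keeping in mind when reusing this: the uniqueness comes only from the clock, so two CAs generated within the same second (or on hosts with the same wrong time) still collide, and the type name, not the time, is what gets shortened, because the time is the part that makes the subject distinct.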