Change default config to validate only example.com

Also fix readme to show a proper failing config to go along
with this default config change.

Change-Id: Id8e27ce34dc68af5341085a9403928646c2d5b7c

README.md

@@ -71,16 +71,17 @@ values and submit it using curl (change the user and secret if you have
 changed them in config.py):
 
     openssl req -text -newkey rsa:4096 -nodes \
-    -out subdomain.example.com.csr
+    -out subdomain.example.org.csr
 
     curl http://127.0.0.1:5000/sign -F user='woot' -F secret='woot' \
-    -F encoding=pem -F 'csr=<subdomain.example.com.csr'
+    -F encoding=pem -F 'csr=<subdomain.example.org.csr'
 
 Assuming the installation is successful and the default config is
 unchanged, this will fail validation, but should not give an OpenSSL or
-other error. Now generate a valid CSR that should pass validation and
-check that it is issued, by specifying a common name of
-'anchor-test.example.com' when prompted:
+other error. This is assuming you set the CN to be subdomain.example.org,
+which is not permitted in the default config. Now generate a valid CSR
+that should pass validation and check that it is issued, by specifying a
+common name of 'anchor-test.example.com' when prompted:
 
     openssl req -text -newkey rsa:4096 -nodes \
     -out anchor-test.example.com.csr

config.py

@@ -35,8 +35,8 @@ validators = [
     {
         "name": "default",
         "steps": [
-            ('common_name', {'allowed_domains': ['.hpcloud.net','anchor.test']}),
-            ('alternative_names', {'allowed_domains': ['.hpcloud.net','anchor.test']}),
+            ('common_name', {'allowed_domains': ['.example.com']}),
+            ('alternative_names', {'allowed_domains': ['.example.com']}),
             ('server_group', {'group_prefixes': {
                 'nv': 'Nova_Team',
                 'sw': 'Swift_Team',