diff --git a/src/freedombone b/src/freedombone
index 5961e4930e42ea2898fd01b8a68a318b9060ff2f..fcc0825b08fb7bbca1bc532e32a05b9f2bc74512 100755
--- a/src/freedombone
+++ b/src/freedombone
@@ -5698,7 +5698,7 @@ function configure_imap_client_certs {
   echo 'serial = sslserial' >> /etc/ssl/dovecot-ca.cnf
   echo 'default_days = 3650' >> /etc/ssl/dovecot-ca.cnf
   echo 'default_md = sha256' >> /etc/ssl/dovecot-ca.cnf
-  echo 'default_bits = 2048' >> /etc/ssl/dovecot-ca.cnf
+  echo 'default_bits = 4096' >> /etc/ssl/dovecot-ca.cnf
   echo 'policy = dovecot-ca_policy' >> /etc/ssl/dovecot-ca.cnf
   echo 'x509_extensions = dovecot-ca_extensions' >> /etc/ssl/dovecot-ca.cnf
   echo '' >> /etc/ssl/dovecot-ca.cnf
diff --git a/src/freedombone-clientcert b/src/freedombone-clientcert
index da65a21d54f4ee5d4ed9a99ae778f781a871658c..f0ab610254a82de0bcf51788445302ef916324f1 100755
--- a/src/freedombone-clientcert
+++ b/src/freedombone-clientcert
@@ -33,6 +33,12 @@
 # along with this program. If not, see <http://www.gnu.org/licenses/>.
 
 USERNAME=
+COUNTRY_CODE="US"
+AREA="Free Speech Zone"
+LOCATION="Freedomville"
+ORGANISATION="Freedombone"
+UNIT="Freedombone Unit"
+EXTENSIONS=""
 
 function show_help {
     echo ''
@@ -95,7 +101,7 @@ chmod 600 /etc/dovecot/passwd-file
 freedombone-addcert -h $USERNAME
 
 # create a certificate request
-openssl req -new -sha256 -key /etc/ssl/private/$USERNAME.key -out /etc/ssl/requests/$USERNAME.csr
+openssl req -new -sha256 -subj "/O=$ORGANISATION/OU=$UNIT/C=$COUNTRY_CODE/ST=$AREA/L=$LOCATION/CN=$USERNAME" -key /etc/ssl/private/$USERNAME.key -out /etc/ssl/requests/$USERNAME.csr
 
 # sign the certificate request
 openssl ca -config /etc/ssl/dovecot-ca.cnf -in /etc/ssl/requests/$USERNAME.csr -out /etc/ssl/certs/$USERNAME.cer