diff --git a/src/freedombone b/src/freedombone
index 5961e493..fcc0825b 100755
--- a/src/freedombone
+++ b/src/freedombone
@@ -5698,7 +5698,7 @@ function configure_imap_client_certs {
   echo 'serial = sslserial' >> /etc/ssl/dovecot-ca.cnf
   echo 'default_days = 3650' >> /etc/ssl/dovecot-ca.cnf
   echo 'default_md = sha256' >> /etc/ssl/dovecot-ca.cnf
-  echo 'default_bits = 2048' >> /etc/ssl/dovecot-ca.cnf
+  echo 'default_bits = 4096' >> /etc/ssl/dovecot-ca.cnf
   echo 'policy = dovecot-ca_policy' >> /etc/ssl/dovecot-ca.cnf
   echo 'x509_extensions = dovecot-ca_extensions' >> /etc/ssl/dovecot-ca.cnf
   echo '' >> /etc/ssl/dovecot-ca.cnf
diff --git a/src/freedombone-clientcert b/src/freedombone-clientcert
index da65a21d..f0ab6102 100755
--- a/src/freedombone-clientcert
+++ b/src/freedombone-clientcert
@@ -33,6 +33,12 @@
 # along with this program. If not, see <http://www.gnu.org/licenses/>.
 
 USERNAME=
+COUNTRY_CODE="US"
+AREA="Free Speech Zone"
+LOCATION="Freedomville"
+ORGANISATION="Freedombone"
+UNIT="Freedombone Unit"
+EXTENSIONS=""
 
 function show_help {
     echo ''
@@ -95,7 +101,7 @@ chmod 600 /etc/dovecot/passwd-file
 freedombone-addcert -h $USERNAME
 
 # create a certificate request
-openssl req -new -sha256 -key /etc/ssl/private/$USERNAME.key -out /etc/ssl/requests/$USERNAME.csr
+openssl req -new -sha256 -subj "/O=$ORGANISATION/OU=$UNIT/C=$COUNTRY_CODE/ST=$AREA/L=$LOCATION/CN=$USERNAME" -key /etc/ssl/private/$USERNAME.key -out /etc/ssl/requests/$USERNAME.csr
 
 # sign the certificate request
 openssl ca -config /etc/ssl/dovecot-ca.cnf -in /etc/ssl/requests/$USERNAME.csr -out /etc/ssl/certs/$USERNAME.cer